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About This Guide 


This guide describes how to convert Novell Cluster Services cluster nodes and resources from 
NetWare 6.5 Support Pack (SP) 8 (with the latest patches) to Novell Cluster Services 2.2 on Open 
Enterprise Server (OES) clusters. 


This guide includes the following sections: 


+ Chapter 1, “Planning the Cluster Conversion,” on page 9 

¢ Chapter 2, “Planning the Conversion of Cluster Resources,” on page 17 

¢ Chapter 3, “Planning the Conversion of Load and Unload Scripts,” on page 21 

+ Chapter 4, “Converting NetWare Clusters to OES Clusters,” on page 33 

+ Chapter 5, “Novell AFP,” on page 41 

+ Chapter 6, “Apache HTTP Server,” on page 43 

¢ Chapter 7, “eDirectory Server Certificates,” on page 59 

¢ Chapter 8, “Novell CIFS,” on page 63 

+ Chapter 9, “Novell Distributed File Services VLDB,” on page 65 

¢ Chapter 10, “DHCP Server,” on page 67 

+ Chapter 11, “DNS Server,” on page 69 

¢ Chapter 12, “Novell iPrint,” on page 71 

¢ Chapter 13, “MySQL,” on page 77 

+ Chapter 14, “Novell Storage Services Pools,” on page 95 

+ Appendix A, “Comparing Novell Cluster Services for Linux and NetWare,” on page 97 
+ Appendix B, “Comparing Resources Support for Linux and NetWare,” on page 103 


Audience 
This guide is intended for Novell Cluster Services administrators and other administrators that are 
responsible for clustered services and data. It is assumed that readers of this guide have a basic 


understanding of Novell Cluster Services and of the services and file systems that are being 
clustered. 


Feedback 
We want to hear your comments and suggestions about this manual and the other documentation 


included with this product. Please use the User Comments feature at the bottom of each page of the 
online documentation. 


Documentation Updates 


For the most recent version of the Novell Cluster Services NetWare to Linux Conversion Guide, visit 
the OES documentation website (http:/www.novell.com/documentation/oes2015/). 
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Additional Documentation 


For information about managing Novell Cluster Services clusters and resources, see the OES 2015 
SP1 Beta: Novell Cluster Services for Linux Administration Guide. 


For information about managing a NetWare cluster, see the “Clustering NetWare Services’ list on the 
NetWare 6.5 SP8 Clustering (High Availability) documentation website (http://www.novell.com/ 
documentation/nw65/cluster-services.html#clust-config-resources). 
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Planning the Cluster Conversion 


Upgrading a NetWare 6.5 SP8 cluster to Open Enterprise Server (OES) 2015 SP1 is a multi-phase 
process referred to as a rolling cluster conversion. This approach lets you keep your cluster up and 
running and lets your users continue to access cluster resources while the conversion is in progress. 
During a rolling cluster conversion, one server is converted to OES while the other servers in the 
cluster continue running NetWare. Then another server can be converted to OES, and then another, 
until all servers in the cluster have been converted. During the conversion, you can also add OES 
servers to the cluster, and remove NetWare servers from the cluster. 


Before you begin a conversion, ensure that your system meets the requirements and caveats 
described in this section. In addition, your OES nodes and network environment must meet the 
cluster requirements as described in “Planning for Novell Cluster Services” in the OES 2015 SP1 
Beta: Novell Cluster Services for Linux Administration Guide. 

¢ Section 1.1, “Supported Conversion Paths,” on page 10 

¢ Section 1.2, “Supported Mixed-Mode Clusters,” on page 10 

¢ Section 1.3, “SBD Devices Must Be Marked as Shareable for Clustering,” on page 10 

¢ Section 1.4, “Master-Election Algorithm,” on page 11 

¢ Section 1.5, “Syntax Translation Issues for Load and Unload Scripts,” on page 11 

¢ Section 1.6, “Adding a New NetWare Node to a Mixed-Mode Cluster,” on page 12 

¢ Section 1.7, “Converting Multiple NetWare Cluster Nodes to OES,” on page 12 


¢ Section 1.8, “Converting Nodes that Contain the eDirectory Master Replica or Certificate 
Authority,” on page 12 


¢ Section 1.9, “Failing Over Service Cluster Resources in Mixed-Mode Clusters,” on page 12 
¢ Section 1.10, “Failing Over Data Cluster Resources in Mixed-Mode Clusters,” on page 13 
¢ Section 1.11, “Using Resources in Mixed-Mode Clusters,” on page 13 

¢ Section 1.12, “Managing File Systems in Mixed-Mode Clusters,” on page 13 

¢ Section 1.13, “Using Novell iManager in Mixed-Mode Clusters,” on page 14 


¢ Section 1.14, “Using Novell Remote Manager to Manage the Cluster Is Not Supported in Mixed- 
Mode Clusters,” on page 14 


¢ Section 1.15, “Using ConsoleOne to Manage the Cluster Is Not Supported in Mixed-Mode 
Clusters,” on page 14 


¢ Section 1.16, “Using the Monitoring Function Is Not Supported in Mixed-Mode Clusters,” on 
page 15 
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1.1 Supported Conversion Paths 


The NetWare to Linux conversion is supported from NetWare 6.5 SP8 (with the latest patches 
applied) to OES 2015 SP1 on the SUSE Linux Enterprise Server (SLES) 11 SP4 operating system. 
The following conversion paths are supported from NetWare to OES: 





From this NetWare platform Interim platform upgrade for all Before conversion to this 
nodes platform 

NetWare 6.5 SP8 Latest patches applied OES 2015 SP1 on SLES 11 SP4 

NetWare 6.5 SP7 or earlier NetWare 6.5 SP8 with the latest OES 2015 SP1 on SLES 11 SP4 


patches applied 


Before converting NetWare clusters to the latest OES release, you must apply all of the latest service 
packs and patches. See “Upgrading NetWare Clusters” in the NW6.5 SP8: Novell Cluster Services 
1.8.5 Administration Guide. 


If you have a NetWare 6.5 SP7 or earlier cluster, you must upgrade all nodes to NetWare 6.5 SP8 
(with the latest service packs and patches) before you convert any nodes to OES or add OES nodes 
to the cluster. See “Upgrading NetWare Clusters” in the NW6.5 SP8: Novell Cluster Services 1.8.5 
Administration Guide. 


1.2 Supported Mixed-Mode Clusters 


During the conversion, the intermediate cluster is referred to as a mixed-mode cluster. It contains 
NetWare nodes and Linux nodes. This is a temporary configuration that is supported for the purpose 
of converting the cluster from NetWare 6.5 SP8 (with the latest support packs and patches) to OES. It 
is not supported as a long-term operational state of the cluster. 


1.3 SBD Devices Must Be Marked as Shareable for 
Clustering 


Novell Cluster Services for Linux requires that the devices used for the SBD partition be explicitly 
marked as Shareable for Clustering. When converting a NetWare cluster, ensure that the SBD 
device, or both devices for a mirrored SBD, are marked as Shareable for Clustering before you add 
the first Linux node to the cluster. 

1 Log in to the master NetWare node as the root user, then open a terminal console. 


2 At the console prompt, enter 


nssmu 
3 In the NSSMU main menu, select Devices, then press Enter. 
4 Select the SBD device. 
5 If Shareable for Clustering is set to No, press F6 to share the device. 
Wait for the page to refresh. If the change is successful, Shareable for Clustering is set to Yes. 
6 If the SBD is mirrored, repeat Step 4 and Step 5 for the device that is used as the SBD mirror. 
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1.4 


1.5 


Master-Election Algorithm 


Novell Cluster Services for OES 11 SP1 and later introduces some intelligence in the master election 
process when the master leaves a cluster (voluntarily or involuntarily). The new algorithm 
substantially reduces the time needed for master election in some cases. 


During an upgrade, a master-election dispute can rarely occur in a larger mixed-mode cluster (4 or 
more nodes) that consists of mixed NetWare 6.5 SP8 and OES nodes. If multiple nodes, including the 
master, concurrently leave the cluster, the different master-election algorithms might result in a 
dispute where equal-sized groups of old nodes and new nodes each elects its own master. SBD 
resolves the dispute by fencing one of the masters. 


The fencing does not result in data loss. You can reboot the nodes that are poison-pilled, and they will 
re-join the cluster. 


If you have a larger cluster (4 or more nodes), you can avoid the master-election dispute/fencing 
problem by upgrading the NetWare nodes with higher IP addresses first, in descending order from 
highest to lowest. This helps ensure that in master node election disputes between a NetWare node 
and an OES node, the OES node has the higher IP address and becomes the master. 


For example, assume that you have a four-node NetWare 6.5 SP8 cluster with IP address 
assignments as follows: 


Node1, IP: 192.168.99.10 
Node2, IP: 192.168.99.11 
Node3, IP: 192.168.99.12 
Node4, IP: 192.168.99.13 


You should first upgrade Node4 because it has the highest IP address. Upgrade Node3 second, then 
Node2, and finally Node1. 


Syntax Translation Issues for Load and Unload 
Scripts 


Executing a script that is valid for the NetWare platform is not necessarily recognized on the OES 
platform. When you cluster migrate a resource from a NetWare node to an OES node, the resource’s 
load script and unload script need to be translated in-memory while the cluster is in mixed mode. It is 
also translated in-memory when the cluster is finally converted from NetWare to Linux. This 
translation is done by the Cluster Translation Library script (/opt /novell/nes/bin/clstrlib.py). 
For information about the script translations, see Chapter 3, “Planning the Conversion of Load and 
Unload Scripts,” on page 21. 





IMPORTANT: If the commands in cluster resource’s load or unload scripts are not part of the normal 
translation library, the cluster resource can end up in a comatose state. 





Novell Cluster Services allows you to customize the translation syntax that is used for load and 
unload scripts in mixed-mode clusters by defining them in the /var/opt/novell/ncs/ 

customized translation syntax file that you create. The clstrlib.py script reads the additional 
translation syntax from the syntax file. See Section 3.7, “Customizing the Translation Syntax for 
Converting Load and Unload Scripts,” on page 28. 
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1.6 Adding a New NetWare Node to a Mixed-Mode 
Cluster 


You cannot add a new NetWare node to your cluster if OES nodes are active in the cluster. To add 
NetWare cluster nodes after converting part of your cluster to OES, you must first remove the OES 
nodes from the cluster by using the cluster leave command. 


1.7 Converting Multiple NetWare Cluster Nodes to 
OES 


To concurrently convert multiple NetWare cluster servers to OES, we strongly recommend that you 
use the old NetWare node IP addresses for your Linux cluster servers. You should record the 
NetWare node IP addresses before converting them to Linux. 


If you must assign new node IP addresses to the OES nodes, we recommend that you convert only 
one node at a time. 


If new cluster node IP addresses are required and the old server hardware is being retired, you can 
shut down the NetWare nodes that are to be removed, add the new OES cluster nodes, then remove 
the NetWare nodes’ cluster-related objects as described in Step 5 of Section 4.1, “Converting 
NetWare Cluster Nodes to OES (Rolling Cluster Conversion),” on page 33. 


IMPORTANT: Failure to follow these recommendations might result in NetWare server abends and 
OES server restarts. 





1.8 Converting Nodes that Contain the eDirectory 
Master Replica or Certificate Authority 


If the Novell eDirectory master replica resides on a clustered NetWare node, convert that node last in 
the rolling cluster conversion to OES. This also applies to a NetWare node that is running the Novell 
Certificate Server Certificate Authority. 


For OES 2015 SP1, the replacement Linux nodes will use NetIQ eDirectory 8.8 SP8 and NetIQ 
Certificate Server 3.3.8. These are the same Novell products that you have used for years, but they 
are now maintained by NetIQ, a sister company of Novell in the Attachmate Group. 


1.9 Failing Over Service Cluster Resources in Mixed- 
Mode Clusters 


For service cluster resources, the intention is to have a one-time cluster migration of the service from 
NetWare to OES. After you cluster migrate the resource to an OES node, the relocated resource 
should be cluster migrated only between nodes running the OES platform. 
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1.10 


1.11 


1.12 


Failing Over Data Cluster Resources in Mixed- 
Mode Clusters 


Pool cluster resources that were created on NetWare cluster nodes and migrated or failed over to 
OES cluster nodes can be migrated or failed back to NetWare cluster nodes. 


Cluster resources that are created on OES cluster nodes cannot be migrated or failed over to 
NetWare cluster nodes. If you need to create a new pool as part of a documented conversion 
procedure, create the pool on a NetWare node, then cluster migrate it to an OES node. For more 
information, see Section 1.12, “Managing File Systems in Mixed-Mode Clusters,” on page 13. 


If you cluster migrate an NSS pool from a NetWare cluster server to an OES cluster server, it could 
take several minutes for volume trustee assignments to synchronize between the NSS volumes and 
the NCP Server on Linux. Users might have limited access to the migrated volumes until after the 
trustee database is built on Linux. 


Using Resources in Mixed-Mode Clusters 


In cases where a Linux converted script exceeds the imposed NetWare script size limit of 924 bytes, 
it is best to avoid bringing the resource online on OES nodes until the final cluster convert command 
has been run. See Section 3.2, “Comparing Script Length Limits for NetWare and Linux,” on page 22. 


For example, the Linux script for GroupWise exceeds the length limit for NetWare scripts. Therefore, 
we recommend that you do not online GroupWise resources while running in mixed-mode clusters. 


Managing File Systems in Mixed-Mode Clusters 


In a mixed cluster of NetWare and OES nodes, Linux POSIX file systems as cluster resources cannot 
be created until the entire cluster had been successfully converted to OES Linux POSIX file systems 
as cluster resources cannot be migrated or failed over to NetWare cluster nodes. 


Only NSS pool cluster resources that are created on a NetWare cluster node can be failed over 
between Linux and NetWare nodes of a mixed-mode cluster. 


NetWare-to-Linux failover of NSS pool cluster resources requires that the Linux node be configured 
for NSS. 


No storage management functions should be executed in a mixed-mode cluster unless you are 
performing documented steps for the conversion. That is, do not create, delete, expand, or modify the 
properties for partitions, pools, or volumes for shared resources in the cluster unless the conversion 
instructions specifically guide you to do so. 





WARNING: Attempting to reconfigure shared storage in a mixed cluster can cause data loss. 


If you need to configure (or reconfigure) existing shared NSS pools and volumes in a mixed-mode 
cluster, you must temporarily bring down all Linux cluster nodes prior to making changes, then make 
the configuration changes on a NetWare node. Ensure that the resources are working properly on 
NetWare before having the Linux cluster nodes rejoin the cluster. 
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1.13 


1.14 


1.15 


Using Novell iManager in Mixed-Mode Clusters 


Use Novell iManager 2.7.5 or later for all cluster administration in the mixed-mode cluster. Using the 
Clusters plug-in to iManager is required to manage the cluster after the first OES node is added to the 
cluster. 


The display of node IDs from the NetWare master node might be incomplete if you use other tools like 
ConsoleOne and Novell Remote Manager in a mixed-mode cluster. However, you can use cat / 
admin/Novell/Cluster/NodeConfig.xml1 on any cluster node to get the node IDs. 


avalon:~/Desktop # cat /admin/NovelL/Cluster/NodeConfig. xml 
<?xml version="1.0" standalone="yes"?> 

<ncsRepLy> 

<nodes> 

<node> 

<name>avalon</name> 


nodeNumber>0</nodeNumber> 


<1pAddress>10.10.10.37s/1pAdaress> 
</node> 

</nodes> 

</ncsReply> 





Using Novell Remote Manager to Manage the 
Cluster Is Not Supported in Mixed-Mode Clusters 


Do not use Novell Remote Manager when managing mixed-mode clusters. Novell Remote Manager 
is not supported for cluster management on OES. 


Because different time formats are used in the NCS Event log for NetWare and Linux, Novell Remote 
Manager might have difficulty displaying the time of logged events. To avoid this problem in a mixed- 
mode cluster, use iManager to access the NCS Event log. 


To reduce any confusion you might have when using Novell Remote Manager, you can unload 
module pcluster.nl1m and delete its references in ldncs and uldncs. This removes the Cluster tab 
in Novell Remote Manager. 


Using ConsoleOne to Manage the Cluster Is Not 
Supported in Mixed-Mode Clusters 


Do not use ConsoleOne when managing mixed-mode clusters. ConsoleOne is not supported for 
cluster management on OES. 
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1.16 Using the Monitoring Function Is Not Supported in 
Mixed-Mode Clusters 


In mixed-mode clusters, the Monitor function in Novell Cluster Services for Linux is not available. You 
cannot enable the Monitor function or modify the Monitor script for cluster resources on the Linux 
nodes until all nodes in the cluster are running OES, and the conversion is finalized. In the finalization 
process, the monitor scripts are automatically created for each of the converted cluster resources. 


After the conversion is finalized, you can enable monitoring and view or modify the monitor script for 
a resource by using the Clusters plug-in to iManager. See “Enabling Monitoring and Configuring the 
Monitor Script” in the OES 2015 SP1 Beta: Novell Cluster Services for Linux Administration Guide. 
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Planning the Conversion of Cluster 
Resources 


In addition to changing the operating system, the software and file systems for various clustered 
services must be considered in your conversion from NetWare 6.5 SP8 to Open Enterprise Server 
(OES) 2015 SP1. This section provides an overview of the NetWare services and their counterparts 
in OES. Before you begin a conversion, ensure that your system meets the general requirements and 
caveats described in this section. 


Converting cluster resources for OES services from NetWare to Linux might require more than a 
simple cluster migration from a NetWare node to a Linux node. For example, the service might 
require that you use Migration Tool to convert the service from NetWare to Linux. Some services 
require post-conversion configuration to finalize the conversion. A few OES services on NetWare are 
not available on OES, so you must use the standard Linux service instead. 


See Table 2-1 for information about converting cluster resources for NetWare 6.5 SP8 services: 


Table 2-1 Guidelines for Converting Service Cluster Resources from NetWare to Linux 








Service on NetWare 6.5 Cluster Migrate the Converting the Service to OES 2015 or Later 
SP8 Resource 

Apache Web Server Yes See Chapter 6, “Apache HTTP Server,” on page 43. 
Apple Filing Protocol Yes See Chapter 5, “Novell AFP,” on page 41. 

(AFP) 

CIFS Yes See Chapter 8, “Novell CIFS,” on page 63. 


(Windows File Services) 





DFS VLDB Yes See Chapter 9, “Novell Distributed File Services VLDB,” 


on page 65. 
(Distributed File Services 


volume location 











database) 
DHCP Server Yes See Chapter 10, “DHCP Server,” on page 67. 
DNS Server Yes See Chapter 11, “DNS Server,” on page 69. 
eDirectory Not clustered, but See Section 1.8, “Converting Nodes that Contain the 
requires special handling eDirectory Master Replica or Certificate Authority,” on 
page 12. 
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Service on NetWare 6.5 Cluster Migrate the 


SP8 


Certificate Server 


exteNd Application 
Server and MySQL 


Resource 


Not clustered, but 
requires special handling 


Not applicable 


Converting the Service to OES 2015 or Later 


Novell Certificate Server provides the Certificate 
Authority and Server Certificate services. For OES 11 
SP2, the product has been rebranded as NetlQ 
Certificate Server. 


The Certificate Authority (CA) service is not cluster- 
enabled for NetWare or OES. There are no cluster- 
specific tasks for the CA itself. 


The Server Certificate service issues Server Certificate 
objects that might need to reside on each node ina 
cluster, depending on the service that is clustered. 
NetWare and Linux generate certificates differently, so 
the NetWare server’s certificate is not reused for the OES 
server. 


See Chapter 7, “eDirectory Server Certificates,” on 
page 59. 


The exteNd Application Server was discontinued as an 
install option for NetWare 6.5 SP3. It is not available for 
Linux. 


See also MySQL in this table. 





FTP 


No 


Use the Pure-FTPd service for Linux. 


See “Novell FTP (Pure-FTPd) and OES 2015” in the OES 
2015 SP1: Planning and Implementation Guide. 





iFolder 


No, but you can migrate 
the settings and data 


Novell iFolder 2.1x is not available on OES Linux. You 
must use Novell iFolder 3.x. 


After you add a Novell iFolder 3.x server to the NetWare 
cluster and before you finalize the cluster conversion, use 
iFolder migration procedures to migrate the iFolder 2.1x 
server configuration and user data from the source 
NetWare node to the target Linux node. See “Migrating 
iFolder Services” in the Novell iFolder 3.9.2 
Administration Guide. 





iPrint 


Yes 


See Chapter 12, “Novell iPrint,” on page 71. 





MySQL 


No 


Use the open source MySQL 5.5.x software that is 
offered under the GPL. A MySQL cluster template is 
available that uses a shared LVM volume group to store 
the database. 


See Chapter 13, “MySQL,” on page 77. 





NetStorage 


Not tested 


See “Configuring NetStorage with Novell Cluster 
Services” in the OES 2015 SP1 Beta: NetStorage 
Administration Guide for Linux. 





NFS 


No 


Use the standard NFS service for Linux. 





NSS pools and volumes 


Yes 


See Chapter 14, “Novell Storage Services Pools,” on 
page 95. 





Tomcat 


No 


Use the standard Tomcat 6.x service for Linux. 
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3.1 


Planning the Conversion of Load and 
Unload Scripts 


You can use a rolling cluster conversion to convert a Novell Cluster Services cluster from NetWare 
6.5 SP8 to Open Enterprise Server (OES) 2015 SP1. This section describes how to prepare for and 
perform the conversion, and how to manage the temporarily mixed cluster during the conversion. 


¢ Section 3.1, “Translation of Cluster Resource Scripts for Mixed NetWare and Linux Clusters,” on 
page 21 

¢ Section 3.2, “Comparing Script Length Limits for NetWare and Linux,” on page 22 

¢ Section 3.3, “Comparing Script Commands for NetWare and Linux,” on page 23 

¢ Section 3.4, “Comparing Master IP Address Scripts,” on page 23 

¢ Section 3.5, “Comparing NSS Pool Resource Scripts,” on page 24 

¢ Section 3.6, “Comparing File Access Protocol Commands in NSS Pool Resource Scripts,” on 
page 26 

¢ Section 3.7, “Customizing the Translation Syntax for Converting Load and Unload Scripts,” on 
page 28 

¢ Section 3.8, “Adding Monitor Scripts on Linux,” on page 29 


Translation of Cluster Resource Scripts for Mixed 
NetWare and Linux Clusters 


Novell Cluster Services includes specialized script translation functionality, called the Cluster 
Translation Library script (/opt /novell/nes/bin/clstrlib.py), to help NetWare and Linux servers 
coexist in the same cluster. It provides an automatic translation of the Master IP Address resource 
and cluster-enabled NSS pool resource load and unload scripts from NetWare to Linux. This 
functionality is also beneficial as you migrate NetWare cluster servers to Linux. 


The Cluster Translation Library reads the NetWare load and unload scripts from eDirectory, converts 
them, and writes them as Linux load and unload scripts. The Linux load and unload script files are 
then searched for NetWare-specific command strings, and the command strings are then either 
deleted or replaced with Linux-specific command strings. Separate Linux-specific commands are also 
added, and the order of certain lines in the scripts is also changed to function with Linux. 


During the rolling conversion, a resource’s Linux load and unload scripts is stored in cache on the 
Linux cluster node where the resource is mounted. The NetWare script for the resource continues to 
be stored in eDirectory until the conversion is finalized. The cluster resource name is used in the load 
and unload script file names. On Linux, scripts are stored in the /var/opt/novell/ncs/ directory. 





IMPORTANT: After the final conversion, you can use the Properties > Scripts page in the Clusters 
plug-in in iManager whenever you make manual changes to the load and unload scripts. The 
changes are automatically saved to the files. 





Planning the Conversion of Load and Unload Scripts 21 


The normal translations performed by the Cluster Translation Library are described in the following 
sections: 

¢ Section 3.3, “Comparing Script Commands for NetWare and Linux,” on page 23 

¢ Section 3.4, “Comparing Master IP Address Scripts,” on page 23 

¢ Section 3.5, “Comparing NSS Pool Resource Scripts,” on page 24 


¢ Section 3.6, “Comparing File Access Protocol Commands in NSS Pool Resource Scripts,” on 
page 26 





IMPORTANT: If the commands in cluster resource’s load or unload scripts are not part of the 
translation library, the cluster resource can end up in a comatose state. 





Novell Cluster Services allows you to customize the translation syntax that us used for load and 
unload scripts in mixed-platform situations by defining new syntax translations to be used in addition 
to the normal translations. See Section 3.7, “Customizing the Translation Syntax for Converting Load 
and Unload Scripts,” on page 28. 


3.2 Comparing Script Length Limits for NetWare and 
Linux 


Scripts have different size limits on NetWare and OES. In a mixed-mode cluster, the scripts for 
NetWare resources that are cluster migrated to OES nodes are restricted to the NetWare script-size 
limits until the final cluster convert command is issued. 


The maximum supported lengths for cluster scripts’ content are as follows: 








Script NetWare 6.5 Resources NetWare 6.5 Resources After the Final 
on NetWare Nodes on OES 11 or Later Conversion to OES 11 or 
Nodes Later 
Load script 924 bytes 924 bytes 3200 bytes 
Unload script 924 bytes 924 bytes 3200 bytes 
Monitor script Not supported Not supported 3200 bytes 


In cases where a Linux converted script exceeds the imposed NetWare script size limit, it is best to 
avoid bringing the resource online on OES nodes until the final cluster convert command has been 
run. 





IMPORTANT: Because the Linux script for GroupWise exceeds the length limit for NetWare scripts, 
we recommend that you do not online GroupWise resources while running in mixed-mode clusters. 
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3.3 


3.4 


Comparing Script Commands for NetWare and 
Linux 


Table 3-1 identifies some of the NetWare cluster load and unload script commands that the Cluster 
Translation Library script searches for and the Linux commands that it replaces them with (unless the 
commands are deleted). 


Table 3-1 Cluster Script Command Comparison 
































Action NetWare Cluster Command Linux Cluster Command 

Replace IGNORE ERROR add secondary ipaddress ignore error 
add_secondary_ipaddress 

Replace IGNORE ERROR del secondary ipaddress ignore error 
del_secondary_ipaddress 

Replace del secondary ipaddress ignore error 
del_secondary_ipaddress 

Replace add secondary ipaddress exit_on_error 
add_secondary_ipaddress 

Delete IGNORE ERROR NUDP (deletes the entire line) 

Delete IGNORE ERROR HTTP (deletes the entire line) 

Replace nss /poolactivate= nss /poolact= 

Replace nss /pooldeactivate= nss /pooldeact= 

Replace mount volume_name VOLID=number exit_on_error ncpcon mount 
volume_name=number 

Replace NUDP ADD clusterservername ipaddress exit_on_error ncpcon bind 
--ncpservername=ncpservername 
--ipaddress=ipaddress 

Replace NUDP DEL clusterservername ipaddress ignore error ncpcon unbind 
--ncpservername=ncpservername 
--ipaddress=ipaddress 

Delete CLUSTER CVSBIND (deletes the entire line) 

Delete CIFS (deletes the entire line) 


Comparing Master IP Address Scripts 





IMPORTANT: You can modify the Master IP Address of the cluster only after the cluster conversion is 
finalized. See “Moving a Cluster or Changing IP Addresses of Cluster Nodes and Resources” in the 
OES 2015 SP1 Beta: Novell Cluster Services for Linux Administration Guide. 





¢ Section 3.4.1, “Master IP Address Resource Load Script,” on page 24 


¢ Section 3.4.2, “Master IP Address Resource Unload Script,” on page 24 
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3.4.1 Master IP Address Resource Load Script 


This section provides examples of the master IP address resource load scripts on NetWare and 
Linux. 


+ “NetWare” on page 24 


+ “Linux” on page 24 


NetWare 


IGNORE ERROR set allow ip address duplicates = on 

IGNORE ERROR CLUSTER CVSBIND ADD BCCP Cluster 10.1.1.175 
IGNORE ERROR NUDP ADD BCCP Cluster 10.1.1.175 

IGNORE ERROR add secondary ipaddress 10.1.1.175 

IGNORE ERROR HTTPBIND 10.1.1.175 /KEYFILE:"SSL CertificateIP" 
IGNORE ERROR set allow ip address duplicates = off 


Linux 


#!/bin/bash 
. /opt/novell/nes/lib/nesfuncs 


ignore error add_secondary_ipaddress 10.1.1.175 -np 


exit 0 


3.4.2 Master IP Address Resource Unload Script 


This section provides examples of the master IP address resource unload scripts on NetWare and 
Linux. 


+ “NetWare” on page 24 


+ “Linux” on page 24 


NetWare 


IGNORE ERROR HTTPUNBIND 10.1.1.175 

IGNORE ERROR del secondary ipaddress 10.1.1.175 

IGNORE ERROR NUDP DEL BCCP Cluster 10.1.1.175 

IGNORE ERROR CLUSTER CVSBIND DEL BCCP Cluster 10.1.1.175 


Linux 


#!/bin/bash 

. /opt/novell/nes/lib/nesfuncs 

ignore error del _ secondary _ipaddress 10.1.1.175 
exit 0 


3.5 Comparing NSS Pool Resource Scripts 


¢ Section 3.5.1, “NSS Pool Resource Load Script,” on page 25 
¢ Section 3.5.2, “NSS Pool Resource Unload Script,” on page 25 
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3.5.1 


3.5.2 


NSS Pool Resource Load Script 


This section provides examples of the NSS pool resource load scripts on NetWare and Linux. 


+ “NetWare” on page 25 


+ “Linux” on page 25 


NetWare 


nss /poolactivate=HOMES POOL 

mount HOMES VOLID=254 

CLUSTER CVSBIND ADD BCC CLUSTER HOMES SERVER 10.1.1.180 

NUDP ADD BCC CLUSTER HOMES SERVER 10.1.1.180 

add secondary ipaddress 10.1.1.180 

CIFS ADD .CN=BCC_CLUSTER_HOMES SERVER.OU=servers.O=lab.T=TEST TREE. 


Linux 


#!/bin/bash 

/opt/novell/ncs/lib/nesfuncs 
exit_on_error nss /poolact=HOMES POOL 
exit_on_error ncpcon mount HOMES=254 
exit_on_error add_secondary_ipaddress 10.1.1.180 


exit _on_error ncpcon bind --ncpservername=BCC_CLUSTER_HOMES SERVER 
--ipaddress=10.1.1.180 


exit 0 


NSS Pool Resource Unload Script 


This section provides examples of the NSS pool resource unload scripts on NetWare and Linux. 


+ “NetWare” on page 25 


¢ “Linux” on page 25 


NetWare 


del secondary ipaddress 10.1.1.180 

CLUSTER CVSBIND DEL BCC CLUSTER HOMES SERVER 10.1.1.180 

NUDP DEL BCC CLUSTER HOMES SERVER 10.1.1.180 

nss /pooldeactivate=HOMES POOL /overridetype=question 

CIFS DEL .CN=BCC_CLUSTER_HOMES SERVER.OU=servers.O=lab.T=TEST TREE. 





Linux 


#!/bin/bash 
/opt/novell/ncs/lib/nesfuncs 


ignore _error ncpcon unbind --ncpservername=BCC_CLUSTER_HOMES SERVER 
--ipaddress=10.1.1.180 


ignore error del _ secondary _ipaddress 10.1.1.180 


ignore error nss /pooldeact=HOMES POOL 
exit 0 
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3.6 


3.6.1 


3.6.2 


Comparing File Access Protocol Commands in 
NSS Pool Resource Scripts 


¢ Section 3.6.1, “File Access Protocol Commands for Load Scripts,” on page 26 
¢ Section 3.6.2, “File Access Protocol Commands for Unload Scripts,” on page 26 


¢ Section 3.6.3, “File Access Protocol Commands for Monitor Scripts,” on page 27 


File Access Protocol Commands for Load Scripts 


This section provides examples of the file access protocol commands for NSS pool cluster resource 
load scripts on NetWare and Linux. 


+ “NetWare” on page 26 
+ “Linux” on page 26 


NetWare 
Protocol Script Command for Load Scripts 
NCP NUDP ADD NCS1_P1 SERVER 10.10.10.194 





Novell AFP AFPBIND ADD NCS1_P1_SERVER 10.10.10.204 





Novell CIFS  CIFS ADD .CN=NCS1_P1_SERVER.O=novell.T=CLUSTER. 





Linux 
Protocol Script Command for Load Scripts 
NCP # mount the NCP volume 
exit_on_error ncpcon mount $NCP_VOLUME=VOL_ID, PATH=SMOUNT_POINT 
exit_on_error ncpcon bind --ncpservername=NCS1_P1_SERVER 
--ipaddress=10.10.10.194 
Novell AFP exit_on_error cluster_afp.sh add NCS1_P1_ SERVER 10.10.10.204 





Novell CIFS exit_on_error novcifs --add --vserver=.CN=NCS1_P1_SERVER.O=novell.T=TREE-188. 
--ip-addr=<virtual_server_ip address> 


File Access Protocol Commands for Unload Scripts 


This section provides examples of the Novell AFP commands for NSS pool cluster resource unload 
scripts on NetWare and Linux. 


+ “NetWare” on page 27 


+ “Linux” on page 27 
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3.6.3 


NetWare 





Protocol Script Command for Unload Scripts 

NCP NUDP DEL NCS1_P1_SERVER 10.10.10.194 

Novell AFP AFPBIND DEL NCS1_P1_ SERVER 10.10.10.204 

Novell CIFS CIFS DEL .CN=NCS1_P1_SERVER.O=novell.T=TREE-188. 

Linux 

Protocol Script Command for Unload Scripts 

NCP ignore error ncpcon unbind --ncpservername=NCS1_P1_ SERVER 


--ipaddress=10.10.10.194 


# dismount the NCP volume 
ignore error ncpcon dismount $NCP_VOLUME 





Novell AFP ignore_error cluster_afp.sh del NCS1_P1_ SERVER 10.10.10.204 





Novell CIFS ignore error novcifs --remove 
--vserver=.CN=NCS1_P1_ SERVER.O=novell.T=TREE-188. 
--ip-addr=<virtual_server_ip address> 


File Access Protocol Commands for Monitor Scripts 


This section provides examples of the Novell AFP commands for NSS pool cluster resource monitor 
scripts on Linux. 


If AFP is enabled as an advertising protocol on an NSS pool cluster resource on NetWare, the AFP 
monitoring command is added to the new monitor script for the resource on OES. 


If CIFS is enabled as an advertising protocol on an NSS pool cluster resource on NetWare, the CIFS 
monitoring command is added to the new monitor script for the resource on OES. 


The default Time-out value for the Monitor script is set to 6 minutes. 


Monitoring is disabled while the cluster is in mixed mode. Monitoring can be enabled for the resource 
after the final cluster conversion is complete. See “Enabling Monitoring and Configuring the Monitor 
Script” in the OES 2015 SP1 Beta: Novell Cluster Services for Linux Administration Guide. 


+ “NetWare” on page 27 


+ “Linux” on page 28 


NetWare 


The Monitor script feature is not available in Novell Cluster Services for NetWare. 
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Linux 





Protocol Script Command for Load Scripts 
NCP exit_on_error ncpcon volume V_D 
Novell AFP exit_on_error afpstat 


Novell CIFS exit_on_error renovell-cifs monitor 


3.7 Customizing the Translation Syntax for 
Converting Load and Unload Scripts 


The syntax for load and unload scripts differs for NetWare and Linux platforms. A script that is valid 
for the NetWare platform is not necessarily recognized on the OES platform. In a mixed-platform 
cluster, a cluster resource’s load script and unload script must be translated to use the proper syntax 
when running on the NetWare or Linux nodes. Translation occurs in-memory while the cluster 
contains mixed-platform nodes, and during the final cluster conversion of the cluster from NetWare to 
Linux. 


The translation between NetWare and Linux versions of the load and unload scripts is performed by 
the Cluster Translation Library script (/opt /novell/nes/bin/clstrlib. py). The normal translations 
in the library are described in Section 3.1, “Translation of Cluster Resource Scripts for Mixed 
NetWare and Linux Clusters,” on page 21. If the commands in a cluster resource’s load or unload 
scripts are not part of the translation library, the cluster resource can end up in a comatose state. 


Novell Cluster Services allows you to customize the translation syntax that is used for load and 
unload scripts in mixed-platform situations by defining new syntax translations in the /var/opt/ 
novell/nes/customized_translation_syntax file that you create. The clstrlib.py script reads 
the additional translation syntax from the syntax file, and processes them in addition to the normal 
translations in the Cluster Translation Library. 


The customized translation supports using Python regular expressions to search for strings ((\S+)), 
digits ((\d+)), and other data types. The search is case insensitive. 





NOTE: Refer to information about Python regular expressions to learn how to create searches for 
other data types. 


In a text editor, create the customized_translation_syntax file with the additional translation 
syntax that you need, then copy the file to the /var/opt/novell/ncs/ directory on each Linux node 
in the mixed-platform cluster. 


The syntax file should contain a four-line command for each type of translation you want to add: 
<R|D> search_string 
[replacement_data] 


[preceding data] 


You can have any number of the four-line commands in the file. Use the following guidelines for 
creating the syntax translation commands: 
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3.8 


Line Description 


<R|D> Specify whether to replace (R) all matches or to delete (D) all matches of the 
data type you are looking for in the load or unload script. 








search string Specify the search string that is used to locate a line in the scripts. 
[replacement_data] Specify the replacement data used to replace a line matched by the search 
performed. 


Leave this line empty if there is no replacement. 





[preceding data] Specify a line to be inserted before the first line that is matched by the search 
performed. 


Leave this line empty if there is no line to be inserted before the first matching 
line. 


The following four lines are sample code for a search command in the customized_translation_syntax 
file. The fourth line is intentionally left empty. 


R 
“\s*bind\s+IP\s+ (\S+) \s (\S+) \staddress= (\d+\.\d+\.\d+\.\d+) 
ignore error bind IP \1 \2 address=\3\n 

exit_on error ip addr add \3/32 dev \1 


You can use the Cluster convert preview command to verify that the 
customized_translation_syntax file is working as intended for a particular resource. 


1 On the master node, open a terminal console as the root user, then enter 


cluster convert preview resource name 


Adding Monitor Scripts on Linux 


The monitor script is available for cluster resources in Novell Cluster Services for OES. However, ina 
mixed-mode cluster, the cluster resources that you cluster migrate from NetWare to Linux will not 
have a monitor script during the conversion process. A monitor script for each of the former NetWare 
cluster resources is created automatically after you perform the final cluster conversion step as 
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described in Section 4.4, “Finalizing the Cluster Conversion,” on page 39. 


After the conversion is finalized, you can use the Clusters plug-in for Novell iManager to enable 
monitoring independently for each cluster resource. On the Monitoring page (as shown in Figure 3-1) 
in the resource properties, you must specify a polling interval, a failure rate, a failure action, anda 
timeout value. These settings control how error conditions are resolved for the resource. 


Figure 3-1 Monitoring Page in the Cluster Resource Properties 


My Clusters > clus1.ncs.novell > P_D_SERVER 


@ P_D SERVER z 


Policies 





Preferred Nodes | Scripts _ Protocols | Business Continuity 


To monitor the health of this resource, enable Resouce monitoring. You can set the interval to poll 
the resource's health, and set an action if it fails to successfully load on the maximum number of 


local restarts. Changes other than business continuity changes made to a resource will not take 
affect until the resource is reloaded 


Enable Resource Monitoring 


Polling Interval: \1 | | Minutes $ 


Failure Rate 


Mavimum Local Failures: {3 | 
Time Interval: [10 || Minutes > | 


(Example: 3 Failures in S minutes) 


Failure Action 


the Failure rate settings are reached, perform the following action 
ZN, 
(@) SetResource as Comatose 
(O) Migrate the Resource based on the Preferred Nodes List 


D Rebootthe Hosting Node without Syncing of Unmounting Disks 


30 OES 2015 SP1: Novell Cluster Services NetWare to Linux Conversion Guide 


On the Monitor Script page in the resource properties, you must also configure the resource’s monitor 
script. You must take the resource offline and bring it online to apply the new settings. 


Figure 3-2 Monitor Script in the Cluster Resource Properties 


My Clusters > clust.ncs.novell > P_D_SERVER 


f P_D_SERVER [R] 





Protocols | Business Continuity 





Policies | Monitoring | Preferred Nodes 





Load Script | Unload Script 








View or edit the monitor script for this cluster resource. Changes other than business continuity 
changes made to a resource will not take affect until the resource is reloaded 


Script: 
2! /bin/ bash 
. Jopt/ novell/nes/ Lib/nesfuncs 
exit_on_error status_fs /dev/pool/P_D /opt/novell/nss/mt/ .pools/P_D nssp 
exit_on_error status_secondary_ipaddress 10.10.10.44 
exit_on_error rcnovell-cifs monitor 
exit_on_error afpstat 
exit 0 





OK Cancel Apply | 


Sample monitor scripts are available in the cluster resource templates for the various services on 
OES. The following is a sample monitor script for a pool cluster resource: 


#!/bin/bash 
/opt/novell/ncs/lib/nesfuncs 


# Check the pool status 
exit_on_error status_fs /dev/pool/P_D /opt/novell/nss/mnt/.pools/P_D nsspool 


# Check the resource status 
exit _on_error status secondary _ipaddress 10.10.10.44 


# Check the volume status 
exit_on_error ncpcon volume VOL D 


# Monitor the Novell CIFS service 
exit_on_error rcnovell-cifs monitor 


# Monitor the Novell AFP service 
exit_on_error afpstat 


exit 0 


There might not be a monitor script for iPrint. Print Manager has a built-in monitoring and restart 
capability. Using the iPrint commands in a cluster resource monitor script for iPrint might cause a 
conflict. 


For detailed information about configuring the monitoring options and scripts, see “Enabling 
Monitoring and Configuring the Monitor Script” in the OES 2015 SP1 Beta: Novell Cluster Services for 
Linux Administration Guide. 
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4.1 


Converting NetWare Clusters to OES 
Clusters 


You can use a rolling cluster conversion to convert a Novell Cluster Services cluster from NetWare 
6.5 SP8 to Open Enterprise Server (OES) 2015 SP1. This section describes how to prepare for and 
perform the conversion, and how to manage the temporarily mixed cluster during the conversion. 


¢ Section 4.1, “Converting NetWare Cluster Nodes to OES (Rolling Cluster Conversion),” on 
page 33 


¢ Section 4.2, “Adding New OES Nodes to Your NetWare Cluster,” on page 36 
¢ Section 4.3, “Removing NetWare Nodes from the Cluster,” on page 38 


¢ Section 4.4, “Finalizing the Cluster Conversion,” on page 39 


Converting NetWare Cluster Nodes to OES 
(Rolling Cluster Conversion) 


Performing a rolling cluster conversion from NetWare to OES lets you keep your cluster up and 
running and lets your users continue to access cluster resources while the conversion is being 
performed. 


During a rolling cluster conversion, one server is converted to Linux while the other servers in the 
cluster continue running NetWare. Then another server can be converted to OES, and then another, 
until all servers in the cluster have been converted to Linux. 


IMPORTANT: Before you begin, ensure that you system meets the requirements and caveats in 
“Planning for Novell Cluster Services” in the OES 2015 SP1 Beta: Novell Cluster Services for Linux 
Administration Guide. Also verify that your system meets the requirements in Chapter 1, “Planning 
the Cluster Conversion,” on page 9. 


If you are converting from NetWare on physical servers to OES on virtual servers (guest operating 
systems running on virtual machines), you can use the same methods and processes as those used 
on a physical server. No additional changes or special configuration is required. See “Mixed Physical 
and Virtual Node Clusters” in the OES 2015 SP1 Beta: Novell Cluster Services for Linux 
Administration Guide. 





To perform a rolling cluster conversion from NetWare to OES: 


1 Before you add the first Linux node to the NetWare cluster, if the NetWare cluster uses an SBD, 
ensure that the device (or devices) being used by the SBD are marked as Shareable for 
Clustering. 


You can use NSSMU or iManager to mark the SBD devices as shareable. It is not necessary to 
bring the cluster down when changing the device attribute to Shareable for Clustering. 


Using NSSMU: 
1a Log into the master node of the NetWare cluster as the administrator user. 


1b Enter nssmu at the server console prompt. 
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1c Inthe NSSMU main menu, select Devices. 


1d In the Devices list, highlight the device that contains the SBD partition, then press F5 to 
select it. 


1e Press F6 to mark the device as Shareable for Clustering. 


1f Ifthe SBD partition is mirrored, repeat Step 1d and Step 1e to also mark the mirror device 
as Shareable for Clustering. 


1g Press Esc to exit NSSMU. 
2 Make a note of the services that are installed on the server you are converting. 
You might want to install the same components on the Linux node if they are available. 
3 On the NetWare server that you want to convert to Linux, remove eDirectory. 


You can do this by running NWConfig, then selecting Directory Options <install NDS> > Remove 
Directory Services from this server. 


4 Bring down the NetWare server you want to convert to Linux. 


Any cluster resources that were running on the server should fail over to another server in the 
cluster. 


You can also manually cluster migrate the resources to another server in the cluster prior to 
bringing down the server. This prevents the resources from failing back to the node after you 
have completed the upgrade. 


5 Use eDirectory tools to remove (delete) the NetWare node’s Cluster Node object, the Server 
object, and all objects related to the downed NetWare server. 


Depending on your configuration, there could be 10 or more objects that relate to the downed 
NetWare server. 


6 Run DSRepair from another server in the eDirectory tree to fix any directory problems. 
If DSRepair finds errors or problems, run it multiple times until no errors are returned. 


7 Install OES on the server, but do not install the Novell Cluster Services option in OES Services at 
this time. 


You can use the same server name and IP address that were used on the NetWare server. This 
is suggested, but not required. 


See the OES 2015 SP1: Installation Guide for more information. 
8 Set up and verify SAN connectivity for the Linux node. 
Consult your SAN vendor documentation for SAN setup and connectivity instructions. 
9 Install Novell Cluster Services and add the node to your existing NetWare 6.5 cluster. 
9a Log into the OES server as the root user. 
9b In YaST, select Open Enterprise Server > OES Install and Configuration. 
9c On the Software Selection page under OES Services, click Novell Cluster Services. 


Services that you have already installed are indicated by a blue check mark in the status 
check box next to the service. 


For information about other install options, see “Installing Novell Cluster Services during an 
OES Installation” in the OES 2015 SP1 Beta: Novell Cluster Services for Linux 
Administration Guide. 


9d Click Accept to begin the install, then click Continue to accept changed packages. 


9e Continue through the installation process until you reach the Open Enterprise Server 
Configuration page. 
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Reconfigure LDAP Configuration of Open Enterprise Services to specify the credentials for 
the container administrator user (or non-administrator user) who has the eDirectory rights 
needed to install Novell Cluster Services. 


For information about what rights are needed, see “Assigning Install Rights for Container 
Administrators or Non-Administrator Users” in the OES 2015 SP1 Beta: Novell Cluster 
Services for Linux Administration Guide. 


9f1 On the Open Enterprise Server Configuration page under LDAP Configuration of Open 
Enterprise Services, click the disabled link to enable re-configuration. 


The sentence changes to Reconfiguration is enabled. 


9f2 Click the LDAP Configuration of Open Enterprise Services link to open the LDAP 
Configuration page. 


9f3 Specify the following values: 


+ Admin name and context: The user name and context (in LDAP form) of the 
container administrator user (or non-administrator user) who has the eDirectory 
rights needed to install Novell Cluster Services. 


+ Admin password: The password of the container administrator (or a non- 
administrator user). 


9f4 Click Next. 
The install returns to the Open Enterprise Server Configuration page. 


9g On the Open Enterprise Server Configuration page under Novell Cluster Services, click the 
disabled link to enable configuration. 


The sentence changes to Configuration is enabled. 


9h Click the Novell Cluster Services link to open the Novell Cluster Services Configuration 
page. 

Click Existing Cluster, specify the fully distinguished name (FDN) of the cluster, then click 
Next. 


9i 


IMPORTANT: Use the comma format illustrated in the example. Do not use dots. 





This is the name and eDirectory context of the cluster that you are adding this server to. 


9j Select the IP address that Novell Cluster Services will use for this node. 


— 


Some servers have multiple IP addresses. This step lets you choose which IP address 
Novell Cluster Services uses. 


9k Deselect Start Services Now. 
9 


9m After the install is complete, use the Software Updater (or other update methods) to install 
any patches from the OES patch channel and the SUSE Linux Enterprise Server patch 
channel for the installed versions of OES and SLES. 


Click Next, then continue through the rest of the OES installation. 


10 If you have a shared disk system on the cluster, enter sbdutil -f at the Linux terminal console 
to verify that the node can see the cluster (SBD) partition on the SAN. 


sbdutil -f also tells you the device on the SAN where the SBD partition is located. 
11 Reboot the server. 
12 (Optional) Manually migrate the resources that were on the old server nodes to this Linux server. 


Some cluster resources for services on NetWare cannot be used on Linux. See Chapter 1, 
“Planning the Cluster Conversion,” on page 9. 


Converting NetWare Clusters to OES Clusters 35 


The resources can automatically fail back if all of the following apply: 
+ The failoback mode for the resources was set to Auto. 


+ You used the same node number for this Linux server that was used for the former NetWare 
server. 


This only applies if this Linux server is the next server added to the cluster. 
+ This Linux server is the preferred node for the resources. 
13 Continue with Section 4.2, “Adding New OES Nodes to Your NetWare Cluster,” on page 36. 


4.2 Adding New OES Nodes to Your NetWare Cluster 


You can add new OES cluster nodes to your existing NetWare cluster without bringing down the 
cluster. 


1 Before you add the first Linux node to the NetWare cluster, if the NetWare cluster uses an SBD, 
ensure that the device (or devices) being used by the SBD are marked as Shareable for 
Clustering. 


You can use NSSMU or iManager to mark the SBD devices as shareable. It is not necessary to 
bring the cluster down when changing the device attribute to Shareable for Clustering. 


Using NSSMU: 

1a Log into the master node of the NetWare cluster as the administrator user. 
1b Enter nssmu at the server console prompt. 

1c In the NSSMU main menu, select Devices. 


1d In the Devices list, highlight the device that contains the SBD partition, then press F5 to 
select it. 


1e Press F6 to mark the device as Shareable for Clustering. 


1f If the SBD partition is mirrored, repeat Step 1d and Step 1e to also mark the mirror device 
as Shareable for Clustering. 


1g Press Esc to exit NSSMU. 


2 Install OES on the new node, but do not install the Novell Cluster Services option from OES 
Services at this time. 


See the “OES 2015 SP1: Installation Guide” for more information. 
3 Set up and verify SAN connectivity for the new OES node. 

Consult your SAN vendor documentation for SAN setup and connectivity instructions. 
4 Install Novell Cluster Services on the OES node. 
5 After the install, add the server to the NetWare cluster: 


For detailed instructions, see “Adding a Node to an Existing Cluster” in the OES 2015 SP1 Beta: 
Novell Cluster Services for Linux Administration Guide. 


5a Log in to the OES server as the root user. 
5b In YaST, select Open Enterprise Server > OES Install and Configuration. 


5c On the Software Selection page under OES Services, verify that Novell Cluster Services is 
selected, then click Accept to continue to the configuration. 


Services that you have already installed are indicated by a blue check mark in the status 
check box next to the service. 
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5d On the Software Configuration page, enable Novell Cluster Services configuration, then 
click the Novell Cluster Services link. 


5e When you are prompted, enter the credentials of the LDAP administrator that is configured 
for the server. 


5f On the Novell Cluster Services Configuration page, add the server to the existing NetWare 
cluster, then click Next. 





Parameter Action 
New or Existing Cluster Select Existing Cluster. 
Cluster FDN Browse to select the Cluster object for the 


NetWare cluster, or type the cluster fully 
distinguished name. 


For example: 


cn=nwcluster,ou=clusters,o=mycompany 


5g On the Proxy User Configuration page, specify one of the following users as the NCS Proxy 
user, then click Next. 


+ OES Common Proxy User: If the OES Common Proxy User is enabled in eDirectory, 
the Use OES Common Proxy User check box is automatically selected and the NCS 
Proxy User Name and Specify NCS Proxy User Password fields are populated with the 
credentials of the OES Common Proxy User. 


¢ LDAP Admin User: If the OES Common Proxy User is disabled in eDirectory, the Use 
OES Common Proxy User check box is automatically deselected and the NCS Proxy 
User Name and Specify NCS Proxy User Password fields are populated with the 
credentials of the LDAP Admin user. The fields are also automatically populated with 
the LDAP Admin credentials if you deselect the Use OES Common Proxy User check 
box. 


+ Another Administrator User: Deselect the Use OES Common Proxy User check box, 
then specify the credentials of an administrator user. 


You can reset the default settings by clicking Back to return to the Novell Cluster Services 
Configuration page, then clicking Next to continue again to the Proxy User Configuration 
page. 

5h On the Configuration page, specify the following parameters, then click Finish. 


Parameter Action 
IP address of this node If the server has multiple network adapters, 


select the IP address that Novell Cluster Services 
will use for this node. 





Start Cluster Services now Deselect the check box. You will start Novell 
Cluster Services software on this node manually 
for the conversion process. 
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5i On the OES Server Configuration page, scroll down to the Novell Cluster Services entry to 
review the summary of the Cluster Services configuration, then click Next. 


Wait while Novell Cluster Services is configured. 


5j After the configuration is completed, click Finish to exit the OES Configuration page, then 
exit YaST. 


6 If you have a shared disk system on the cluster, enter sbdutil -f at the Linux terminal console 
to verify that the node can see the cluster (SBD) partition on the SAN. 


sbdutil -f will also tell you the device on the SAN where the SBD partition is located. 

7 Start cluster software by going to the /etc/init.d directory and running novell-nes start. 
You must be logged in as root to run novell-nes start. 

8 Add and assign cluster resources to the new Linux cluster node. 


See “Configuring Preferred Nodes and Node Failover Order for a Resource” in the OES 2015 
SP1 Beta: Novell Cluster Services for Linux Administration Guide. 


9 After you have added OES nodes and cluster migrated all resources to OES nodes, continue 
with Section 4.3, “Removing NetWare Nodes from the Cluster,” on page 38. 


4.3 Removing NetWare Nodes from the Cluster 


After your OES cluster nodes are set up and resources have been migrated to them from the 
NetWare nodes, you are ready to remove the NetWare nodes from the cluster. 


To remove the NetWare nodes from the cluster: 


1 Log in to the NetWare node as the administrator user. 


2 Check the cluster status and verify that all cluster resources have been migrated to the Linux 
nodes. 


cluster status 
3 Remove the NetWare node from the cluster by entering 


cluster leave 


4 Stop Novell Cluster Services from running on the NetWare node by entering 





uldnes 
5 Remove the NetWare node’s Cluster Node object and the NCS attributes from its Server object. 


5a In aweb browser, open iManager, then log in to the eDirectory tree that contains the node 
you want to manage. 





IMPORTANT: Log in as an administrator user who has sufficient rights in eDirectory to 
delete and modify eDirectory objects. 
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5b Delete the node’s Cluster Node object from the cluster container: 
5b1 Select Directory Administration > Delete Objects. 


5b2 Browse to the Cluster container (È?) of the cluster, locate and select the Cluster Node 
object (P) for the NetWare node in the container, then click OK. 


5b3 On the Delete Objects page, click OK, then click OK again to confirm the deletion of the 
Cluster Node object. 


5c Select Directory Administration > Modify Object, select the NetWare node’s Server object, 
remove its NCS attributes, then click OK to save and apply your changes. 


6 Repeat this process to remove each of the remaining NetWare nodes in the cluster. 


7 After you have removed each NetWare node from the cluster and removed each node’s Cluster 
Node object and the NCS attributes from its Server object, continue with Section 4.4, “Finalizing 
the Cluster Conversion,” on page 39. 


Finalizing the Cluster Conversion 


After you have converted all nodes in a former NetWare 6.5 SP8 cluster to OES, you must finalize the 
conversion process by issuing the cluster convert command on one Linux cluster node. The 
cluster convert command moves cluster resource load and unload scripts from the files where 
they were stored on Linux cluster nodes to the Cluster Resource objects in eDirectory. This enables a 
Linux cluster that has been converted from NetWare to utilize eDirectory like the former NetWare 
cluster. 





WARNING: After you finalize the cluster conversion, rollback to NetWare is not supported. All of the 
scripts for the NetWare nodes are deleted and are no longer available. 





To finalize the cluster conversion: 


1 Log in as the root user on one of the Linux cluster nodes, then open a terminal console. 


2 Verify that NetWare nodes are not part of the cluster. At the command prompt, enter 


cluster status 


If there is a NetWare node, remove it as described in Section 4.3, “Removing NetWare Nodes 
from the Cluster,” on page 38. 


3 Verify that every NetWare nodes Node objects and NCS attributes in the Server object are 
properly removed from eDirectory. 


In iManager, use the Directory Administration role to verify that each former NetWare node’s 
Cluster Node object was removed and that the NCS attributes were removed from its Server 
object. See Step 5 in Section 4.3, “Removing NetWare Nodes from the Cluster,” on page 38. 


4 Verify the load and unload scripts for the cluster resources that you migrated from NetWare to 
OES. For each resource, enter the following at the command prompt: 


cluster convert preview resource name 


The preview switch lets you view the resource load and unload script changes that will be made 
when the conversion is finalized. 


Replace resource_name with the name of a resource that you want to preview. You can preview 
the information for all cluster resources by issuing the command without specifying a resource 
name. You can use the cluster convert preview command at any time before the cluster 
conversion is finalized. 


Converting NetWare Clusters to OES Clusters 39 


40 


5 After you have confirmed the readiness of the cluster to be finalized, run cluster convert 


commit as the root user at the terminal console of one Linux cluster node to finalize the 
conversion. 





WARNING: After the cluster convert commit command is given, the conversion is finalized. 
There is no rollback to NetWare. 





The cluster convert commit command generates or regenerates the cluster resource 
templates that are included with Novell Cluster Services for Linux. In addition to generating Linux 
cluster resource templates, this command deletes all NetWare cluster resource templates that 
have the same name as Linux cluster resource templates. 


The cluster resource templates are automatically created when you create a new Linux cluster, 
but are not created when you convert an existing NetWare cluster to Linux. 


Update the cluster configuration on all nodes by running the cluster configuration daemon. Enter 
the following command as the root user on every node in the cluster: 


/opt/novell/ncs/bin/nes-configd.py -init 


This removes the NetWare nodes from the list of nodes in the cluster so they are not displayed in 
iManager. 
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Novell AFP 


Novell Apple Filing Protocol (AFP) for Linux is available for Open Enterprise Server (OES) 2015 SP1. 


After you set up Novell AFP on the Linux node and before you finalize the NetWare-to-Linux 
conversion, use the AFP function in the Migration Tool to convert the configuration. See “Migrating 
AFP to OES 2015 SP1” in the OES 2015 SP1: Migration Tool Administration Guide. 


The commands in the scripts are also different. After the migration, modify the load and unload scripts 


on the Linux server. See Section 3.6, “Comparing File Access Protocol Commands in NSS Pool 
Resource Scripts,” on page 26. 


AFP on Linux supports NCP cross-protocol file locking, which allows NCP, AFP, and CIFS users to 
access files on an NSS volume concurrently without data corruption by locking the files across 
protocols. On Linux, the cross-protocol file locking parameter for NCP Server is enabled by default. 
Verify that the Cross-Protocol File Locking parameter is enabled on each node in the cluster if you 
plan to give both NCP users and AFP users access to NSS volume in the cluster. See “Configuring 
Cross-Protocol File Locks for NCP Server” in the OES 2015 SP1 Beta: NCP Server for Linux 
Administration Guide. 
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Apache HTTP Server 


The Apache HTTP Server is an open source web server developed by the Apache Software 
Foundation (http://www.apache.org). On an Open Enterprise Server (OES) 11 or later cluster, you can 
use Novell Cluster Services to cluster the web content for your personalized websites. The Apache 
service is not cluster aware and must run on each server in the cluster. 


This section describes key considerations for configuring the Apache virtual hosts for your 
personalized websites. The scripts for your existing Apache cluster resources and the resource’s 
node preferences must be manually modified to use Apache commands for Linux when you convert a 
cluster from NetWare to Linux. 


¢ Section 6.1, “Prerequisites for Reusing NetWare Apache Cluster Resources on Linux,” on 
page 43 

¢ Section 6.2, “Using Apache HTTP Server on OES Servers,” on page 44 

¢ Section 6.3, “Converting the Apache Cluster Resource,” on page 56 

¢ Section 6.4, “Troubleshooting the Apache HTTP Server,” on page 57 


¢ Section 6.5, “Additional Information,” on page 58 


Prerequisites for Reusing NetWare Apache 
Cluster Resources on Linux 


The following setup is required to reuse the Apache cluster resources from your NetWare cluster: 


+ When you install OES services on the server, Novell-ready versions of Apache 2 (Prefork, 64-bit) 
and Tomcat 6 are automatically installed and configured. You manually manage Apache services 
with the Apache configuration files. Use a text editor to create or modify the configuration files, 
then gracefully restart the Apache HTTP Server daemon (rcapache2 graceful) to apply the 
changes. 


WARNING: Do not install the Linux Web and LAMP pattern. Do not use the HTTP Server option 
in YaST to configure Apache or virtual host settings on an OES server. It overwrites essential 
OES settings for Apache and breaks the existing setup. For recovery information, see 

Section 6.4.1, “Apache Server Errors after Using the HTTP Server Option in YaST,” on page 57. 





¢ To reuse an NSS pool cluster resource that contains your web content, you must install Novell 
Storage Services for Linux on each OES node in the cluster. See “Installing and Configuring 
Novell Storage Services” in the OES 2015 SP1: NSS File System Administration Guide for Linux. 


¢ If you host multiple websites on a single server on NetWare, you must configure an Apache 
virtual host for each website on one OES node, then copy the configuration files to every OES 
node in the cluster. 


¢ In a Novell Cluster Services cluster, the directories you specify in the DocumentRoot directive 
and any Alias directives for a virtual host should reside on the same cluster resource so they 
can fail over together. The location that contains the web content should be a directory on the 
volume, not the root of the volume. Specify the full Linux path of the directory. Linux paths are 
case sensitive. 
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For example, Novell Cluster Services scripts assume that the pool’s volumes are mounted in the 
default NSS location of /media/nss/<volume_name>. The full Linux path of the /www/mysite 
path on an NSS volume APACHEVOL is 


/media/nss/APACHEVOL/www/mysite 
¢ The following permissions are required: 


+ The user wwwrun must be the file owner of the website directories and files. The group can 
be the system root or the Apache group www. 


¢ If web content resides on an NSS volume, the following additional permissions are required: 


+ Enable the eDirectory user wwwrun and group www with Linux User Management 
(LUM). OES automatically creates and LUM-enables the user and group when you 
install the first OES server in an eDirectory tree. 


+ Assign the eDirectory user wwwrun as a file system trustee with Read and File Scan 
rights for the directory you specify in the DocumentRoot directive in the virtual host 
configuration file. 


These permissions are also required for web content hosted on an NCP-enabled Linux 
volume. 


For information about the default OES setup for Apache and setting up virtual hosts, see Section 6.2, 
“Using Apache HTTP Server on OES Servers,” on page 44. 


6.2 Using Apache HTTP Server on OES Servers 


When you set up OES services on the server, Novell-ready versions of Apache 2 HTTP Server 
software (Prefork, 64-bit) and Tomcat 6 are automatically installed. Apache and the OES Welcome 
website are automatically configured for non-secure port 80 and secure port 443. The Apache HTTP 
Server daemon (httpd2) starts automatically on server restart. 


To set up personalized websites, you must manually create a virtual host configuration file for each 
website. Templates for secure SSL virtual host and non-secure virtual host configuration files are 
available in the /etc/apache2/vhosts.d/ directory. Use a text editor to create or modify the 
configuration files, then gracefully restart the Apache HTTP Server daemon (rcapache2 graceful) 
to apply the changes. 





WARNING: Do not use the HTTP Server option in YaST to configure Apache or virtual host settings 
on an OES server. It overwrites essential OES settings for Apache and breaks the existing setup. For 
recovery information, see Section 6.4.1, “Apache Server Errors after Using the HTTP Server Option 
in YaST,” on page 57. 





¢ Section 6.2.1, “Understanding the Default OES Setup of Apache HTTP Server,” on page 45 

¢ Section 6.2.2, “Manually Configuring Apache,” on page 46 

¢ Section 6.2.3, “Creating and Configuring a Virtual Host for Each Website,” on page 47 

¢ Section 6.2.4, “Requiring Strong Ciphers,” on page 49 

¢ Section 6.2.5, “Configuring an SSL Certificate for the Server,” on page 50 

¢ Section 6.2.6, “Configuring Apache to Listen on Multiple Ports,” on page 51 

¢ Section 6.2.7, “Configuring Permissions for the Website DocumentRoot Directory,” on page 51 
¢ Section 6.2.8, “Configuring a Web Location that Requires LDAP Authentication,” on page 53 

¢ Section 6.2.9, “Starting, Stopping, or Restarting the Apache Daemon,” on page 55 

¢ Section 6.2.10, “Viewing the Apache Log Files,” on page 56 
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6.2.1 


Understanding the Default OES Setup of Apache HTTP 
Server 


When you install services from the OES Add-On disk, the following Apache setup is configured: 


+ “Apache and Tomcat Installation” on page 45 

+ “Apache HTTP Server Configuration” on page 45 

+ “Apache User wwwrun and Group www” on page 45 

¢ “Virtual Host for the OES Welcome Website” on page 46 

¢ “Secure SSL Virtual Host for the Default Website” on page 46 

¢ “Secure SSL Virtual Host for the Novell iManager Website” on page 46 


Apache and Tomcat Installation 


Novell-ready versions of Apache 2 HTTP Server software (Prefork, 64-bit) and Tomcat 6 are 
automatically installed when you set up OES services on a server. 


Apache HTTP Server Configuration 


OES configures Apache settings in the /etc/sysconfig/apache2 global configuration file and the / 
etc/apache2/conf.d/oes_ httpd.conf configuration file. 


The /etc/sysconfig/apache2 configuration file controls some global settings of Apache, such as 
modules to load, additional configuration files to include, server flags to apply when the Apache HTTP 
Server daemon (httpdz) is started, and flags that should be added to the command line. 


Apache User wwwrun and Group www 


Apache uses the user wwwrun identity to serve files to clients of your website. OES and Apache 
configure the following during the OES installation: 


+ The Apache installation creates a local group www and user wwwrun on the server. 


You configure the user wwwrun as the file owner of the website’s main directory and files. 


+ OES creates the group www and the user wwwrun in eDirectory when you install an OES server in 
an eDirectory tree for the first time. The user wwwrun is added as a member of the group www. 
The user novlxsrvd is also created and added to the group www. 


+ OES enables the group www and its member users (wwwrun and novlxsrvd) for Linux with Linux 
User Management (LUM). 


If your website is hosted on an NSS volume or an NCP-enabled Linux volume, you must assign 
the eDirectory user wwwrun as a file system trustee of the website’s main directory, and give the 
trustee Read and File Scan rights. 


For information about changing the file owner or configuring a file system trustee, see Section 6.2.7, 
“Configuring Permissions for the Website DocumentRoot Directory,” on page 51. 
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6.2.2 


Virtual Host for the OES Welcome Website 


OES automatically configures the OES Welcome website in the /etc/opt/novell/httpd/conf.d/ 
welcome-apache.conf file. Listening is set up on port 80 in the /etc/apache2/listen.conf file. 
Port 80 is opened in the firewall. The Apache HTTP Server daemon (httpd2) starts automatically on 
server restart. 


Apache serves the Welcome page for the OES server at 


http://<server_dns_or_ip_address> 


Secure SSL Virtual Host for the Default Website 


OES automatically configures a default secure virtual host (_default_:443) inthe /etc/apache2/ 
vhost .d/vhost-ssl.conf file. It sets up listening on port 443 in the /etc/apache2/listen.conf 
file. It opens port 443 in the firewall. The default virtual host configuration is automatically loaded first. 
It is also used when a domain name does not match a virtual host configuration. The default virtual 
host defines a custom log /var/log/apache2/ssl_request_1log to capture events for SSL 
requests. An Include directive in the /etc/apache2/vhost .d/vhost-ssl.conf file automatically 
loads the virtual hosts that are defined in the /etc/opt/novell/httpd/sslconf.d/*.conf files. 


Secure SSL Virtual Host for the Novell iManager Website 


If you install Novell iManager on an OES server, the iManager installation automatically configures a 
secure virtual host for iManager and Novell Portal Services (NPS) in the /etc/opt/novell/ 
iManager/nps-Apache.conf file. A symbolic link in the /etc/opt/novell/httpd/sslconf .d/ 
directory points to the nps-Apache. conf file. This allows the virtual host to be automatically included 
along with the default secure virtual host when Apache is restarted. 


Aliases are defined in the nps-Apache. conf file to hit the website with any of the following URLs: 
https://<server_dns_or_ip_address>/nps/iManager.html 
https://<server_dns_or_ip_address>/nps 


https://<server_dns_or_ip_address>/iManager.html 


Manually Configuring Apache 


On OES servers and Novell Open Workgroup Suite (NOWS) Small Business Edition (SBE) servers, 
you must manually configure Apache settings, OES virtual hosts, and virtual hosts for your 
personalized websites. Use a text editor to create or modify the configuration files, then gracefully 
restart the Apache HTTP Server daemon (rcapache2 graceful) to apply the changes. 





WARNING: Do not use the HTTP Server option in YaST to manage Apache or the virtual host 
settings on an OES server. It overwrites essential OES settings for Apache and breaks the existing 
setup. For recovery information, see Section 6.4.1, “Apache Server Errors after Using the HTTP 
Server Option in YaST,” on page 57. 





For information about using the configuration files to manage your Apache HTTP Server and virtual 
hosts, see “Configuring Apache Manually” (http:/Awww.suse.com/documentation/sles11/ 
book_sle_admin/data/sec_apache2_configuration.html#sec_apache2_configuration_manually) in the 
SLES 11 Administration Guide (http:/Avww.suse.com/documentation/sles11/book_sle_admin/data/ 
book_sle_admin.html). 
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6.2.3 


Creating and Configuring a Virtual Host for Each Website 


On Linux, the Apache HTTP server can serve multiple universal resource identifiers (URIs) from a 
single instance of Apache running on the server. That is, multiple websites, such as 
www.example.com and www.example.net, can be run from a single web server. Each website is 
referred to as a virtual host. Virtual hosts can be name based, IP based, or port based. 


You can set up personalized websites by manually creating a virtual host configuration file for each 
website. Templates for secure SSL virtual host and non-secure virtual host configuration files are 
available in the /etc/apache2/vhosts.d/ directory. 


When you cluster-enable the web content by using Novell Cluster Services, use the IP address of the 
cluster resource for the virtual host. This ensures that the website traffic is directed to the cluster node 
where the web content cluster resource is currently active. Do not use the server node’s IP address 
or the master IP address of the cluster. Specify the Linux file path to the web content. 


On OES servers, you create and configure a separate virtual host configuration file for each website 

that you want to host in the cluster. The following procedure provides basic information about setting 
up the file. Refer to other sections in this document to learn about the key settings that are available. 

For detailed information, see the Apache Virtual Host documentation website (http://httpd.apache.org/ 
docs/2.2/vhosts/). 


1 Choose an OES node in the cluster, then log in as the root user. 


2 Create a copy of the virtual host template file in the /etc/apache2/vhosts.d/ directory. 


The /etc/apache2/vhosts.d/ directory contains a basic template (vhost .template) for a non- 
secure virtual host and an SSL template (vhost -ssl.template) for a secure virtual host. 


3 Rename the file with a name for your virtual host, and add the . conf file extension, such as 
mysite-Apache.conf. 


4 Open the virtual host file in a text editor and configure the virtual host settings for your 
personalized website: 


4a Ifthe web content is clustered with Novell Cluster Services, set the VirtualHost directive 
to the IP address or DNS host name assigned to the cluster resource: 


<VirtualHost hostname> 


For example, if the DNS name is mysite.example.com, specify mysite as the 
VirtualHost. 


<VirtualHost mysite> 


4b Set the value of the DocumentRoot directive to the Linux path of the directory where you 
placed your web content, and specify the directory options for this location. 


The target directory must contain an index.html file, which is the root document for the 
virtual host. Specify the Linux path to the directory. For example, if you place your web 
content in an NSS volume path APACHEVOL: \www\mysite, the Linux path is /media/nss/ 
APACHEVOL/www/mysite 


DocumentRoot "/media/nss/APACHEVOL/www/mysite" 


<Directory "/media/nss/APACHEVOL/www/mysite"> 
# Possible options are "None", "All" or any combination of: 
# Indexes Includes FollowSymLinkx SymLinksifOwnerMatch ExecCGI MultiViews 


Options Indexes MultiViews 

AllowOverride None 

Order allow,deny 

Allow from all 
</Directory> 
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4c Configure the host settings as desired for other directives in the file. 


The minimum settings for a non-secure website are shown in the following example: 


<VirtualHost mysite> 
DocumentRoot "/media/nss/APACHEVOL/www/mysite" 


ServerAdmin mysite-admin@example.com 
ServerName mysite.example.com 


ErrorLog /var/log/apache2/error_log 
TransferLog /var/log/apache2/access_log 
#CustomLog /var/log/apache2/mysite.example.com-access_ log combined 


HostnameLookups On 
UseCanonicalName On 
ServerSignature Off 
<Directory "/media/nss/APACHEVOL/www/mysite"> 


# Possible options are "None", "All" or any combination of: 
# Indexes Includes FollowSymLinkx SymLinksifOwnerMatch ExecCGI MultiViews 


Options Indexes MultiViews 

AllowOverride None 

Order allow,deny 

Allow from all 
</Directory> 


</VirtualHost> 


4d (Optional) Specify alias paths in the virtual host configuration file. 


For example, specify an alias for a Support web location that has a support directory at the 
same level as mysite. Include the Alias and Directory directives before the </ 
VirtualHost> close tag. 


Alias /support "/media/nss/APACHEVOL/www/support" 
<Directory "media/nss/APACHVOL/www/support"> 
Options Indexes MultiViews 
AllowOverride None 
Order deny,allow 
Allow from all 
</Directory> 


For information about alias paths that require LDAP authentication, see Section 6.2.8, 
“Configuring a Web Location that Requires LDAP Authentication,” on page 53. 


4e Save the virtual host configuration file. 


5 (Optional) In the /etc/apache2/listen.conf file, add a Listen directive that specifies the IP 
address that you assigned to your cluster-enabled pool, and specify the port to use. 


OES configures Apache to listen on non-secure port 80 by default. It listens for all traffic. 
6 Make the websites visible on your network or to the world: 
6a Add the site name and IP address resolution to your DNS server to make them visible. 
6b If you use a non-standard port, open the port in the node’s firewall. 
6c If the traffic is from outside the firewall, open the port in the network firewall. 


7 Gracefully restart the Apache HTTP Server daemon to apply the virtual host configuration: 


rceapache2 graceful 


Each .conf file is automatically included in the Apache configuration when you restart Apache. 
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8 Set up the virtual host for each of the remaining nodes: 
8a Log in to the next node as the root user. 


8b Copy the virtual host configuration file (Such as /etc/apache2/vhosts.d/mysite- 
apache.conf) to the next node. 


8c Create a local Linux path to the website that you specified in the DocumentRoot directive 
and to any paths you specified in Alias directives, then make the user wwwrun the owner of 
the directory and its contents. 


When Apache is started or restarted, it looks for the paths specified in your website’s virtual 
host configuration file. If a path does not exist, Apache reports an error but it loads the 
virtual host. Users access the site via the IP address or DNS name of the cluster resource, 
so web content is served only on the node where the resource is active. 


When a cluster resource is not active on a node, the volume subdirectory (such as 
APACHEVOL) in the /media/nss directory is normally removed, and the path to the website 
does not exist. Creating the local path allows Apache to find the path even when the 
resource is not active on the node, and no error is reported when Apache loads. When the 
resource is taken offline, NSS does not remove the volume directory because it is now non- 
empty (it contains the local paths you create). The local path should not contain files. To add 
or remove web content files, access the NSS volume via the IP address of the cluster 
resource. 


Enter the following commands for the website path and alias paths. The chown command 
changes the group to the Apache www group unless the group is the root user. 


mkdir -p /media/nss/<volume_name>/<path> 
chown wwwrun:www /media/nss/<volume_name>/<path> 
For example, enter 
mkdir -p /media/nss/APACHEVOL/www/mysite 
chown wwwrun:www /media/nss/APACHEVOL/www/mysite 


mkdir -p /media/nss/APACHEVOL/www/support 





chown wwwrun:www /media/nss/APACHEVOL/www/support 


8d Open a terminal console as the root user, then gracefully restart Apache: 


reapache2 graceful 


8e Repeat these steps on each of the remaining nodes in turn. 





IMPORTANT: Any time that you make changes to the virtual host configuration file, you must copy 
the modified file to every node in the cluster, and gracefully restart Apache on each node. 


Requiring Strong Ciphers 
We recommend that you secure your web solution by requiring strong ciphers when the client is 


negotiating the connection in the SSL handshake. 


In OES 11 SP1 and later servers, the weak SSL ciphers are disabled by default in the /etc/ 
apache2/vhosts.d/vhost-ssl.conf file: 


# SSL Cipher Suite: 
SSLCipherSuite ALL: !aNULL: !eNULL: !SSLv2:!LOW: ! EXP: !MD5:@STRENGTH 
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On OES 11 and earlier servers, we recommend that you enable only the strongest ciphers: RSA, 
HIGH, and SSLv2. 


To enable strong ciphers and disable weak ciphers in OES 11 and earlier: 


1 Ina text editor, modify the /etc/apache2/vhosts.d/vhost-ssl.conf file to require strong 
ciphers. Modify the default settings by placing a plus sign (+) before RSA, HIGH, and SSLv2, 
and placing an exclamation mark (!) before the weaker ciphers: 


# SSL Cipher Suite: 
SSLCipherSuite ALL: !ADH: !EXPORT56:RC4+RSA:+HIGH: !MEDIUM: !LOW:+SSLv2: ! EXP: !eNULL 





2 Gracefully restart Apache on the server: 


reapache2 graceful 


3 Repeat this process on every Linux node in the cluster. 


You can alternatively copy the Apache SSL configuration file (/etc/apache2/vhosts.d/vhost - 
ssl.conf) to every Linux node in the cluster, and then restart Apache. 


6.2.5 Configuring an SSL Certificate for the Server 


OES automatically configures secure SSL communications for a default virtual host 
(_default_:443). SSL is enabled in the Apache global configuration file (/etc/sysconfig/apache2) 
with the following directive: 


APACHE SERVER _FLAGS="SSL" 


The default SSL configuration is defined in the /etc/apache2/vhosts.d/vhost-ssl.conf file. It 
uses an INCLUDE directive for the /etc/opt/novell/httpd/sslconf.d/*.conf files. This target 
directory contains the configuration files (or symbolic links to them) for OES virtual hosts that require 
SSL, such as the nps-Apache. conf file that is used for the Novell iManager tool. 


By default, OES sets up an SSL certificate file and key file for the server by using certificates 
generated with the eDirectory Server Certificates service in NetIQ Certificate Server. Table 6-1 
identifies the location of the SSL certificate and key files that are referenced by the 
ssLCertificateFile and SSLCertificateKeyFile directives in the /etc/apache2/vhosts.d/ 
vhost-ssl.conf file. 


Table 6-1 Default OES Server Certificates 





OES Server Certificate File Location 
SSL Certificate File /etc/ssl/servercerts/servercert.pem 
SSL Certificate Key File /etc/ssl/servercerts/serverkey.pem 





IMPORTANT: If you use SSL, set up a server certificate for each virtual host unless you use a 
wildcard certificate. 





If you modify the content or location of the certificate and key files, gracefully restart the Apache 
HTTP Server daemon (rcapache2 graceful) to apply the new values. 
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6.2.7 


Configuring Apache to Listen on Multiple Ports 


The Listen directive in the /etc/apache2/listen.conf file tells the Apache HTTP Server to accept 
incoming requests on the specified port or an address-and-port combination. If the directive specifies 
only a port, the server listens to the given port on all interfaces. If the directive specifies an IP address 
and port combination, the server listens on the given port and network interface. 


By default, OES configures Apache to listen on non-secure port 80 and secure port 443 in the /etc/ 
apache2/listen.conf file. If a firewall is used on the server, port 80 and port 443 are automatically 
opened in the firewall. The ports are not bound to a particular IP address, so Apache responds to 
requests on all IP interfaces on the server. 


Listen 80 


<IfDefine SSL> 
<IfDefine !NOSSL> 
<IfModule mod_ssl.c> 
Listen 443 
</IfModule> 
</IfDefine> 
</IfDefine> 


You can configure multiple Listen directives to specify multiple IP addresses and ports. The server 
responds to requests from any of the listed addresses and ports. For information about formats and 
options for the Listen directive, see the Listen Directive (http://httpd.apache.org/docs/2.2/mod/ 
mpm_common.html#listen) in the Apache MPM Common Directives collection. 


If you configure non-standard ports for your personalized websites, you must add a Listen directive 
in the /etc/apache2/listen.conf file, then gracefully restart the Apache HTTP Server daemon 
(rcapache2 graceful) to apply the changes. Ensure that you open the port in the firewall. 


Configuring Permissions for the Website DocumentRoot 
Directory 


Apache uses the user wwwrun identity to serve files to clients of your website. You must configure 
permissions for the website content that allow Apache to serve the files to client users. 


¢ “Setting the User wwwrun as the Owner of the Website’s Directory and Files” on page 51 


¢ “Setting User wwwrun as a File System Trustee of the Website’s Directory” on page 52 


Setting the User wwwrun as the Owner of the Website’s Directory 
and Files 
The user wwwrun must be the file owner of the website’s main directory and files. 


1 Log in as the root user, and open a terminal console. 


2 Change directory to go to the directory that contains the main directory of your website. This is 
the directory you specify as the DocumentRoot in the virtual host configuration file. 


For example, if the DocumentRoot iS /media/nss/APACHEVOL/www/mysite, enter 


cd /media/nss/APACHEVOL/www 


3 Change the owner of the website’s directory and files to user wwwrun. Enter: 
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chown -R wwwrun:www mysite 


This recursively modifies the owner to user wwwrun for the directory and the subdirectories and 
files it contains. It changes the group to www unless the group is set to the root user. 


4 Ina file browser, view the directory’s properties to verify that the owner was changed. 


mysite Properties 


= 
| Basic | Emblems | Permissions | Open With | Notes | Share 

















File owner: | wwwun - WWW daemon apache a | 
File group: | root = | 
Owner: v| Read iY] Write e] Execute 
Group: <) Read [V] Write [¥| Execute 
Others: W| Read rj Write iv] Execute 


Special flags: |_| Set user ID 
g Set group ID 


E Sticky 


Text view: drwxrwxrwx 
Number view: 777 


Last changed: Fri Apr 5 19:18:00 2013 


| @ r | | X Gose 








You can also use the 1s -al <path> command to list the directory and view the owner, group, 
and permissions. 


Setting User wwwrun as a File System Trustee of the Website’s 
Directory 
OES automatically creates the user wwwrun and group www in eDirectory. Both are LUM-enabled. You 


can verify their configuration by using the Directory Administration option and Linux User 
Management option in Novell iManager. 


If your website is hosted on an NSS volume or an NCP-enabled Linux volume, you must assign the 
eDirectory user wwwrun as a file system trustee of the website’s main directory, and give the trustee 
Read and File Scan rights. You can also set the www group as a trustee with Read and File Scan 
rights. 

1 Log in to Novell iManager as an administrator user. 

2 In the iManager toolbar, click the View Objects icon. 


3 Inthe Tree view, select the volume, then browse the file system to locate the directory that 
contains your website’s content. 


Select the check box next to the directory, then select Actions > Properties. 
On the Properties page, select Rights. 
Click the Add Trustee browse icon to open the Object Selector. 


N Oo of f 


Locate and select the user wwwrun, then click OK. 
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The user wwwrun is added as a trustee with the default Read and File Scan rights. 


| Hel 


Properties: 






Files and Folders 


Information | Gen | Inherited Rights 





Trustees SOR W C E ne eee 
[X] wwwrun.novell ~ 0 ! 
Add Trustee: | a (te [=] 


Inherited Rights Filter 


Uncheck to filter rights inherited from parent directories 





~ Supervisor ~ Read x] Write ~ Create 
W! Erase l! Modify \¥) FileScan Y! Access Control 
Ok |__Cancet_| Apply | Refresh | 





8 Click Apply or OK to save the changes. 


6.2.8 Configuring a Web Location that Requires LDAP 
Authentication 


If you have documents or a location that requires restricted web access, you can set up Apache to 
enforce eDirectory authentication and force the authentication to be done over https. This solution 
can be used on individual directories, URLs, or the entire Apache server. 


The following example creates a single secure location so that any document that is referenced under 
the directory requires authentication. For example, the URL www.example.com can have public 
access, while the URL www.example.com/secure and documents it contains require authentication. 
Authentication should be done over a secure connection (https) rather than a non-secure connection 
(http). All http attempts are redirected to https for the given location. 


1 Ensure that the rewrite module is enabled in the /etc/sysconfig/apache2 global 
configuration file. OES enables this module by default. 


Open the /etc/sysconfig/apachez2 file in a text editor, and verify that rewrite is listed in the 
modules defined in the APACHE MODULES directive. 


2 Configure the permissions for the user wwwrun on the target directory: 


2a Change the owner to the Apache user wwwrun: 
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chown -R wwwrun:www /media/nss/APACHEVOL/www/secure 


This changes the group to the Apache group www unless the group is the root user. 


2b For an NSS volume or an NCP-enabled Linux volume, configure the user wwwrun as a file 
system trustee of the /media/nss/APACHEVOL/www/secure directory, and give the trustee 
Read and File Scan rights. 


See “Setting User wwwrun as a File System Trustee of the Website’s Directory” on page 52. 


3 Ina text editor, create a copy of the /etc/apache2/vhosts.d/vhosts-ssl.template file to 
create a secure.conf configuration file. 


4 Allow for all http requests for the /secure alias to be redirected to https. Add the following 
directives to the secure.conf file: 


RewriteEngine On 
RewriteRule */secure https://%{SERVER_NAME}/secure [L,R] 


5 If the location that contains secure information exists outside the DocumentRoot directory, create 
an alias to the directory. Add the following line to the secure. conf file: 


Alias /secure "/<path_to_directory>/secure" 


For a cluster resource, the secure directory ideally resides on the same clustered volume as the 
website, and at the same directory level as DocumentRoot for the website: 


Alias /secure "/media/nss/APACHEVOL/www/secure" 


6 Under the Alias directive, add the option for LDAP authentication under the Directory directive 
in the secure. conf file. Specify the IP address or DNS name of the website’s cluster resource. 


<Directory "media/nss/APACHVOL/www/secure"> 

Options Indexes MultiViews 

AllowOverride None 

Order deny,allow 

Allow from all 

AuthType Basic 

AuthName "Protected" 

require valid-user 

AuthLDAPAuthoritative On 

AuthLDAPURL ldaps://<cluster_resource_ip_address_or_dns_name>/o=corp?uid?sub 
</directory> 


7 Save the /etc/apache/vhosts.d/secure.conf file. 
8 Open a terminal console as the root user, then gracefully restart the Apache daemon: 


rcapache2 graceful 
9 Verify that Apache is able to start. 


If there are errors, make corrections in the configuration file, then restart the Apache daemon. 


10 In a web browser, go to the website with http and verify that you are redirected to https, and 
that you can authenticate against the /secure alias. 
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Starting, Stopping, or Restarting the Apache Daemon 


The Apache HTTP Server program runs as a daemon (httpd2) that executes continuously in the 
background to handle requests. OES configures the daemon to start automatically on system restart. 
You must restart Apache to apply any changes you make to the Apache or virtual host configuration 
files, or to add new virtual host configuration files. A graceful restart does not disrupt the service. 


In a cluster, you manually copy the virtual host configuration files for clustered personalized websites 
to every node in the cluster. When Apache starts on each node, it reads the configuration file and is 
available to serve the site when the resource is active on the node. You do not add Apache 
commands in the resource’s load and unload scripts. All requests to a clustered website are sent to 
the DNS name or IP address of the cluster resource, and not to a specific node. The site’s requests 
are served by the Apache process that runs on the node where the cluster resource is currently 
active. 


To start, stop, or restart the Apache daemon, use the /usr/sbin/rcapache2 commands in Table 6-2: 


Table 6-2 /usr/sbin Commands 


Command Description 


rceapache2 start Starts the ht tpd2 parent process. The parent process reads its 
configuration files and opens log files, and then spawns the child 
processes to serve hits. 


OES configures the Apache daemon to start automatically on server 
restart. 





rcapache2 stop Causes the parent process to immediately attempt to kill all of its child 
processes. This can take several seconds. The parent exits after all child 
processes have exited. Any requests in progress are terminated, and no 
further requests are served. 





rcapache2 graceful-stop Causes the parent process to advise its child processes to exit after their 
current request (or to exit immediately if they are not serving anything). The 
parent removes its PID file and ceases listening on all ports. The parent 
continues to run, and monitors child processes that are handling requests. 
The parent exits after the child processes complete the pending requests 
and exit, or when a timeout period has elapsed (as specified by the 
GracefulShutdownTimeout). If the timeout is reached, any remaining 
child processes are automatically sent the TERM signal to force them to 
exit, and any requests in progress are terminated. 





rcapache2 restart Causes the parent process to immediately kill its child processes like the 
stop option, but the parent does not exit. It re-reads its configuration files, 
and re-opens any log files. Then it spawns a new set of child processes 
and continues serving hits. 


rcapache2 graceful Causes the parent process to advise the child processes to exit after their 
current request (or to exit immediately if they are not serving anything). The 
parent re-reads its configuration files and re-opens its log files. As each 
child dies, the parent replaces it with a child from the new generation of the 
configuration, which begins serving new requests immediately. 
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6.2.10 Viewing the Apache Log Files 


The following Apache log files are located in the /var/log/apache2/ directory: 


access log 
error_log 
rcapache2.out 
rewrite _log 


ssl _request_log 


You can also specify custom logs by adding the CustomLog directive to your virtual host configuration 
file. For information about formatting the custom log, see Apache Module mod_log_config (http:// 
httpd.apache.org/docs/2.2/mod/mod_log_config.html). 


6.3 Converting the Apache Cluster Resource 


Before you convert the Apache Cluster Resource to run on Linux servers, ensure that your servers 
meet the Prerequisites for Reusing NetWare Apache Cluster Resources on Linux. 


1 Configure the virtual hosts for your personalized websites on each Linux node in the cluster as 
described in Section 6.2, “Using Apache HTTP Server on OES Servers,” on page 44. 

2 In iManager, offline the NSS pool cluster resource from a NetWare node. 

3 In iManager, modify the load and unload scripts to remove the Apache start and stop commands. 


4 In iManager, cluster migrate the cluster resource to a Linux node. The new load script applies 
when the resource loads. 


5 Offline the Apache cluster resource. 


Leave the resource offline until all Linux nodes have been added and the cluster conversion has 
been finalized. 


6 In iManager, set up the preferred nodes for the Apache cluster resource to include only Linux 
nodes in the cluster. 


7 Finalize the steps to complete the cluster conversion, then commit the conversion. 


8 Online the Apache cluster resource. 


cluster online <resource_name> [node_name] 


9 In a web browser, access your website to ensure that the files are available. 
If you get permission errors, check the following: 


+ The user wwwrun should be set as a file system trustee of the directory that is used as the 
DocumentRoot for the website. Assign Read and File Scan rights to the trustee. 


+ The user wwwrun should be set as the file owner of the web content. 


See Section 6.2.7, “Configuring Permissions for the Website DocumentRoot Directory,” on 
page 51. 


10 Cluster migrate the resource to each node in the cluster in turn, and access the website from a 
web browser to ensure the site is accessible from each of its preferred nodes. 


11 Cluster migrate the resource to its most preferred node. 
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6.4 


6.4.1 


6.4.2 


Troubleshooting the Apache HTTP Server 


This section describes some issues you might experience with Apache HTTP Server and provides 
suggestions for resolving or avoiding them. For additional troubleshooting information, see the Novell 
Technical Support Knowledgebase (http://www.novell.com/support). 


¢ Section 6.4.1, “Apache Server Errors after Using the HTTP Server Option in YaST,” on page 57 
¢ Section 6.4.2, “Files Downloaded from NetStorage Are 0 Bytes,” on page 57 


Apache Server Errors after Using the HTTP Server Option in 
YaST 

If you use the HTTP Server option in YaST to manage Apache or virtual hosts, the option can 
overwrite essential OES settings and load the wrong modules, which breaks the default Apache 


HTTP Server setup. See TID 7002562 (http://www.novell.com/support/kb/doc.php?id=7002562) in 
the Novell Knowledgebase. 


If you have used the HTTP Server option in YaST and Apache is no longer working, recover the OES 
default Apache HTTP Server setup by doing the following: 


1 As the root user, open the /etc/sysconfig/apachez2 file in a text editor and modify the 
following directives: 


+ Proxy module: In the APACHE MODULES: line in the file, ensure that the proxy module is 
listed before the proxy_ajp module. For example (some modules are not listed for ease of 
reading the example): 


APACHE MODULES="cgi dir rewrite ssl proxy proxy_ajp ssl" 


¢ SSL module: In the APACHE MODULES: line in the file, ensure that the ss1 module is listed. 
For example (some modules are not listed for ease of reading the example): 


APACHE MODULES="cgi dir rewrite ssl proxy proxy_ajp ssl" 


+ Prefork mode: Apache should run in prefork mode rather than worker mode. To force 
this, ensure that the APACHE _MPM=""' line is set to "prefork". For example: 


APACHE MPM="prefork" 


¢ SSL: Ensure secure communications by enabling the SSL flag. For example: 


APACHE SERVER_FLAGS="SSL" 


2 Gracefully restart Apache to apply the changes. As the root user, enter the following command 
at a console prompt: 


rceapache2 graceful 


Files Downloaded from NetStorage Are 0 Bytes 


After you lock down ciphers for an Apache HTTP Server to use only the strongest SSL ciphers, all of 
the files downloaded from NetStorage are 0 bytes in size. 


NetStorage might not work as expected if you lock down Apache HTTP Server to disallow low and 
medium SSL ciphers. Try allowing medium SSL cipher settings to see if that is sufficient, then add 
back low cipher settings if necessary. 
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For other SSL cipher configuration options, see SSL/TLS Strong Encryption: How-To (http:// 
httpd.apache.org/docs/2.2/ssl/ssl_howto.html) at Apache.org. 


6.5 Additional Information 


The latest Apache documentation is available on the Apache HTTP Server Version 2.2 
Documentation website (http://httpd.apache.org/docs-2.2/). 
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7.1 


7.1.1 


eDirectory Server Certificates 


NetIQ Certificate Server provides two categories of services: Certificate Authority (CA) and eDirectory 
Server Certificates. 


+ The Certificate Authority services include the Enterprise CA and CRL (Certificate Revocation 
List). Only one server can host the CA, and normally that same server hosts the CRLs if they are 
enabled (although if you move the CA to a different server, the CRLs usually stay on the old 
server). The CA and CRL services are not cluster-enabled. There are no cluster-specific tasks 
for them. 


+ The eDirectory Server Certificates service is not clustered. However, clustered applications that 
use the server certificates must be able to use the same server certificates on whichever cluster 
node they happen to be running. You must set up Server Certificate objects in a clustered 
environment to ensure that your cryptography-enabled applications that use Server Certificate 
objects always have access to them. 


The Server Certificates objects are created differently on Linux, and cannot be directly reused from 
the NetWare server. The differences and alternatives for setting up certificates for OES servers are 
described in the following sections: 

¢ Section 7.1, “Server Certificates Changes in OES 11 and Later,” on page 59 

¢ Section 7.2, “Using Internal Certificates in a Cluster,” on page 60 


¢ Section 7.3, “Using External Certificates in a Cluster,” on page 60 


Server Certificates Changes in OES 11 and Later 


The Server Certificates service can create certificates for eDirectory services to use when you install 
the operating system. In addition, custom certificates can be created after the install by using Novell 
iManager or command line commands. 

¢ Section 7.1.1, “Using eDirectory Server Certificates in a Cluster,” on page 59 


¢ Section 7.1.2, “Using eDirectory Server Certificates for HTTPS Services,” on page 60 


Using eDirectory Server Certificates in a Cluster 


In a NetWare cluster, you might have copied the Server Certificate objects to all nodes in the cluster 
using backup and restore functions for Server Certificate objects. This functionality is also available 
for OES clusters. You can use the backup and restore feature for Server Certificate objects to 
duplicate the object’s keying material from one node on the cluster to all nodes. 


For information about setting up server certificates in a Novell Cluster Services cluster, see the 
following sections of the NetIQ Certificate Server Administration Guide: 


+ “Server Certificate Objects and Clustering” 
¢ “Backing Up a Server Certificate Object” 


+ “Restoring a Server Certificate Object” 
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7.1.2 
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7.2 


7.3 


Using eDirectory Server Certificates for HTTPS Services 


For NetWare, OES2 or later, all applications are integrated with eDirectory. This allows applications to 
automatically use the server certificates created by Certificate Server directly from eDirectory. 


However, for OES1, many native Linux applications (such as Apache and Tomcat) are not integrated 
with eDirectory and therefore, cannot automatically use the certificates created by Certificate Server 
directly from eDirectory. By default, these services use the self-signed common server certificate 
created by YaST: 


+ Certificate file: /etc/ssl/servercerts/servercert .pem 


¢ Key file: /etc/ssl/servercerts/serverkey.pem 


Self-signed certificates provide minimal security and limited trust, and are not in compliance with the 
X.509 requirements as specified in RFC 2459 and RFC 3280. We recommend that you use 
eDirectory certificates instead. 


When installing OES2 or later on Linux, the YaST installer provides a configuration screen that allows 
you to specify whether you want to automatically configure the server to export eDirectory Server 
Certificates to the file system, eliminating the need to manually configure the server through 
iManager. It's selected by default. If selected, it automatically replaces the existing server certificate 
and key files (YaST or third-party) with an eDirectory server certificate and key files. 


For more information on how to manually configure OES1 servers to use eDirectory certificates, see 
NetlQ Certificate Server Administration Guide. 


Using Internal Certificates in a Cluster 


NetIQ Certificate Server can be used to create certificates that allow you to specify an alternative IP 
address or DNS address by adding it in the Subject Alternative Name extension. This requires that 
your DNS service be configured to reflect the cluster IP/DNS address as the default (or first) address. 
If the DNS service is set up correctly, the cluster applications can use the default certificates without 
needing any administration. 


Ensure that the DNS service is configured to use the cluster IP/DNS address. During the OES install, 
select the Use eDirectory Certificates option so that NetIQ Certificate Server automatically creates 
the SSL Certificate DNS certificate with the correct IP/DNS address. By selecting the Use eDirectory 
Certificates option during the installation and using the cluster IP/DNS address, clustered applications 
should be able to access the certificates without needing further configuration for the Server 
Certificate object. 


Using External Certificates in a Cluster 


External (third-party) certificates create a Server Certificate object that includes the cluster's IP and/or 
DNS address. Create a backup of this certificate. For each server in the cluster, create a Server 
Certificate object with the same name by importing the previously created backup certificate and key 
pair to a location on that server. This allows all of the servers in the cluster to use and share the same 
certificate and key pair. After all cluster nodes have the certificate, configure the cluster applications 
to use the server certificate. 





IMPORTANT: This cluster task can also be used for sharing internal certificates on the cluster nodes. 
In early versions of Certificate Server, this was the only option available. 
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For information about exporting and using eDirectory Server Certificates for External Services, see 
“Using eDirectory Certificates with External Applications” in the NetIQ Certificate Server 
Administration Guide. 


The external certificate method is more complicated than using internal certificates. You must create 
the certificate for each server in the cluster just as you did for NetWare. You must also create a 
configuration on the SAS:Service object for each server so that the common certificate is 
automatically exported to the file system where the non-eDirectory enabled applications can use it. 
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Novell CIFS 


Novell CIFS for Linux is available for Open Enterprise Server (OES) 2015 SP1. 


After you set up Novell CIFS on the Linux node and before you finalize the NetWare-to-Linux 
conversion, use the CIFS function in the Migration Tool to convert the configuration. See “Migrating 
CIFS to OES 2015 SP1” in the OES 2015 SP1: Migration Tool Administration Guide. 


The commands in the scripts are also different. After the migration, you can view the revised load and 
unload scripts on the Linux server. See Section 3.6, “Comparing File Access Protocol Commands in 
NSS Pool Resource Scripts,” on page 26. 


IMPORTANT: If the cluster resource goes comatose on the Linux server, there might be a timing 
issue for loading Novell CIFS. Add a sleep command of 5 or more seconds before the novcifs -add 
command. For example: 


sleep 5 
exit_on_error novcifs --add --vserver=.CN=NCS1_P1_SERVER.O=novell.T=TREE-188. 
--ip-addr=10.10.10.205 





CIFS supports NCP cross-protocol file locking, which allows NCP, AFP, and CIFS users to access 
files on an NSS volume concurrently without data corruption by locking the files across protocols. On 
Linux, the cross-protocol file locking parameter for NCP Server is enabled by default. Verify that it is 
enabled on each node in the cluster if you plan to give both NCP users and CIFS users access to an 
NSS volume in the cluster. See “Configuring Cross-Protocol File Locks for NCP Server” in the OES 
2015 SP1 Beta: NCP Server for Linux Administration Guide. 


CIFS supports the merged view for Novell Dynamic Storage Technology (DST) shadow volumes built 
with NSS volumes. Wait until the cluster conversion is complete before attempting to set up DST 
shadow volumes in the OES cluster. 
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9.1 


Novell Distributed File Services VLDB 


The Novell Distributed File Services volume location database (VLDB) .dat file format is the same on 
both NetWare and Linux. The shared NSS volume that contains the . dat file can be cluster migrated 
to the Linux server. 


Use one of these two methods for migrating the VLDB from NetWare to Linux: 


¢ Section 9.1, “Cluster Migrating the Shared NSS Volume for the VLDB,” on page 65 
¢ Section 9.2, “Adding a Linux Server as a Replica Site,” on page 66 


Cluster Migrating the Shared NSS Volume for the 
VLDB 


Use this method if you want to use the same shared disk where the VLDB is currently stored. 


1 For each Linux node where you expect to run the VLDB service, install Novell Storage Services 
and any of its dependent services on the Linux node, then add it to the mixed cluster that you are 
converting. 


2 For each of the Linux nodes, assign the node’s nssadmin user as a trustee of the container that 
is configured as the Management Context for the VLDB, and give the user at least the Read and 
Compare rights to the [All Attribute Rights] property. 





IMPORTANT: If the Management Context is configured to use the container that contains a 
node’s Server object, the nssadmin User object for that server is already a trustee of the 
container and has the Supervisor right. Do not modify the existing rights settings for this 
nssadmin User object when you add rights for the [All Attribute Rights] property. 

2a In iManager, select Rights > Modify Trustees. 

2b Select the container that is configured as the Management Context, then click OK. 

2c Click Add Trustee, select the nssadmin User object, then click OK. 


The nssadmin User object is in the same container as its server. The user name format is 
servnameadmin.context. For example, if the server name is server1 .oul .mycompany, then 
serverladmin.ou1.mycompany is the nssadmin user name. 


2d Click Assigned Rights for the selected nssadmin User object. 
2e Assign the Read and Compare rights to the [AII Attribute Rights] property, then click Done. 
2 


2g Repeat Step 2c through Step 2f for each of the Linux nodes where you expect to run the 
VLDB service. 


3 Cluster migrate the DFS cluster resource from NetWare to Linux. 


> 


Click Apply to save and apply the changes. 


4 On the Linux node where the VLDB is active, offline the DFS cluster resource. 


5 Remove the NetWare clusters from the cluster by using the cluster leave command, then 
finish the cluster conversion. 


This automatically updates the basic cluster commands in the cluster resource scripts. 
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6 Using the Clusters plug-in in iManager, modify the load script of the DFS cluster resource to 
change the vldb command to the Linux format. For example, change it from 


vldb /dir=vldbpath 
to 
vldb -dir /vldbpath 


7 Online the cluster resource. 
8 Run a VLDB repair to ensure that the database is correct. 


9.2 Adding a Linux Server as a Replica Site 


Use this method if you want to use a different shared disk for the VLDB on Linux. You can do this by 
adding a DFS replica site on Linux. 


1 Install OES on the server that you want to add to the cluster. Ensure that Novell Storage 
Services and any of its dependent services are installed. 


2 Assign the node’s nssadmin user as a trustee of the container that is configured as the 
Management Context for the VLDB, and give the user at least the Read and Compare rights to 
the [All Attribute Rights] property. 





IMPORTANT: If the Management Context is configured to use the container that contains a 
node’s Server object, the nssadmin User object for that server is already a trustee of the 
container and has the Supervisor right. Do not modify the existing rights settings for this 
nssadmin User object when you add rights for the [All Attribute Rights] property. 





2a In iManager, select Rights > Modify Trustees. 
2b Select the container that is configured as the Management Context, then click OK. 
2c Click Add Trustee, select the nssadmin User object, then click OK. 


The nssadmin User object is in the same container as its server. The user name format is 
servnameadmin.context. For example, if the server name is server1.oul.mycompany, then 
serverladmin.ou1.mycompany is the nssadmin user name. 


2d Click Assigned Rights for the selected nssadmin User object. 
2e Assign the Read and Compare rights to the [AII Attribute Rights] property, then click Done. 
2f Click Apply to save and apply the changes. 


3 Create a shared NSS pool and volume on the OES server, or create a shared Linux POSIX 
volume. 


4 In iManager, add the Linux server as the second VLDB replica site for the DFS management 
context, and point to the shared NSS volume as the VLDB location. 


Allow the VLDB data to synchronize between the NetWare replica and the Linux replica. 
In iManager, remove the NetWare instance of the replica site. 


Add the Linux server to the mixed-mode NetWare cluster. 


on OO A 


Continue with the cluster conversion as described in Section 4.1, “Converting NetWare Cluster 
Nodes to OES (Rolling Cluster Conversion),” on page 33. 
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10.1 


10.2 


10.3 


DHCP Server 


The Novell DHCP Server for Linux is based on a standards-compliant implementation from ISC that is 
distributed with SUSE Linux Enterprise Server. DHCP uses a different schema on Linux to store the 
configuration in eDirectory. 


After you set up Novell DHCP Server on the Open Enterprise Server SP1 and before you complete 
the cluster conversion, you can use the DHCP option for the Migration Tool to convert the 
configuration from NetWare to OES. You cannot directly reuse the data. Migrate your DHCP server 
data, then perform the post-migration tasks to set up the configuration in the OES nodes of the 
cluster. 

¢ Section 10.1, “Setting Up Novell DHCP on OES,” on page 67 

èe Section 10.2, “Prerequisites for Migration,” on page 67 


¢ Section 10.3, “Migrating the DHCP Configuration from NetWare to Linux Clusters in the Same 
Tree,” on page 67 


¢ Section 10.4, “Post-Migration Tasks,” on page 68 


Setting Up Novell DHCP on OES 


Novell DHCP Server for OES 11 and later supports using a shared Linux POSIX file system or a 
shared NSS file system for the cluster resource. Set up DHCP on the OES servers by using one of 
the following methods in the OES 2015 SP1 Beta: Novell DNS/DHCP Services for Linux 
Administration Guide: 

+ “Configuring DHCP with Novell Cluster Services for the NSS File System” 


+ “Configuring DHCP with Novell Cluster Services for the Linux File System” 


Prerequisites for Migration 


For more information about prerequisites, see “Migration Requirements” for DHCP in the OES 2015 
SP1: Migration Tool Administration Guide. 


Migrating the DHCP Configuration from NetWare 
to Linux Clusters in the Same Tree 


In this scenario, both the NetWare server and the OES server are in the same eDirectory tree. The 
NetWare source server must be running NetWare 6.5 SP8 with the latest patches applied. The Linux 
target server must be running OES 2015 SP1 on 64-bit hardware. 


Run the DHCP function in the Migration Tool from one of the OES nodes. Perform the Tree Level 
Migration with the same Source server (tree to which NetWare clustered nodes are attached) and 
Target server (tree to which the Linux clustered nodes are attached). This ensures that the entire 
NetWare DHCP configuration data is available for OES DHCP. 
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See “Migrating DHCP ” in the OES 2015 SP1: Migration Tool Administration Guide, and follow the 
instructions for NetWare and Linux in the same eDirectory tree. 





IMPORTANT: Before starting the DHCP server on the Linux cluster, stop the DHCP server on the 
NetWare cluster. 





10.4 Post-Migration Tasks 


1 Log in as the root user to the OES node where you ran the migration, then open a terminal 
console 


2 Online the DHCP service cluster resource by entering 


cluster online resource_name 
3 On the Linux node where you ran the migration: 
3a Open the /mount_path/etc/dhcpd.conf file in a text editor. 


Replace mount_path with the Linux path to the folder in the shared volume where DHCP- 
specific directories are created. 


3b Inthe /mount_path/etc/dhepd.conf file, change the value for the 1dap-dhcp-server-cn 
parameter to the cn of the migrated DHCP server, then save your changes. 


3c Copy the migrated_server.leases file from /var/opt /novell/dhcp/leases/ folder or to 
the lease path specified in the Migration Tool to the /mount_path/var/1lib/dhcep/db/ 
folder, then rename it to dhcpd. leases. 


4 Stop the DHCP server on the NetWare cluster by taking the NetWare DHCP cluster resource 
offline. 


5 Start the DHCP server on the Linux cluster. 


renovell-dhcpd start 
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DNS Server 


You can migrate the data from the Novell DNS Server on NetWare to a Novell DNS Server on Linux 
after you have installed and set up DNS services on an Open Enterprise Server (OES) 2015 SP1 
node in the cluster. You cannot directly reuse the data. 

¢ Section 11.1, “Prerequisites for Migration,” on page 69 


¢ Section 11.2, “Migrating the DNS Configuration from NetWare to Linux Clusters in the Same 
Tree,” on page 69 


¢ Section 11.3, “Post-Migration Tasks,” on page 69 


11.1 Prerequisites for Migration 


For information about prerequisites, see “Migrating DNS to OES 2015 SP1” in the OES 2015 SP1: 
Migration Tool Administration Guide. 


11.2 Migrating the DNS Configuration from NetWare to 
Linux Clusters in the Same Tree 


In this scenario, both the NetWare server and the OES server are in the same eDirectory tree. The 
NetWare source server must be running NetWare 5.1 SP8 or later versions. The Linux target server 
must be running OES 2015 SP1 on 64-bit hardware. 


Use iManager to move the DNS server from a NetWare NCP server to an OES NCP server. For 
information see “Using Java Console to Migrate Servers within the Same eDirectory Tree” in the OES 
2015 SP1: Migration Tool Administration Guide. 


11.3 Post-Migration Tasks 


See “Post-Migration Procedure” in the OES 2015 SP1: Migration Tool Administration Guide. 
1 Use iManager or the Java Management Console to check for the existence of the following 
objects: 
+ DNS-DHCP 
+ DNSDHCP-GROUP 
+ RootServerinfo 
+ DNS Server object 


2 Use the Clusters plug-in for iManager to verify the Cluster load script and unload script of the 
DNS cluster resources. 


See “DNS Load, Unload, and Monitor Scripts” in the OES 2015 SP1 Beta: Novell DNS/DHCP 
Services for Linux Administration Guide. 


3 Start the DNS server on the OES cluster. 
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12.1 


12.2 


12.2.1 


Novell iPrint 


This section describes how to convert the iPrint cluster resource from NetWare 6.5 SP8 to Open 
Enterprise Server (OES) 2015 SP1. 

¢ Section 12.1, “Installing iPrint on the OES Nodes,” on page 71 

¢ Section 12.2, “Setting Up iPrint on the OES Nodes,” on page 71 

¢ Section 12.3, “Migrating the iPrint Cluster Resource from NetWare to OES,” on page 74 

¢ Section 12.4, “Finalizing the Cluster Conversion,” on page 75 


¢ Section 12.5, “Additional Information,” on page 75 


Installing iPrint on the OES Nodes 


Prepare the first OES server for use with iPrint in a cluster: 


1 Install the following services on an OES server: 
+ Novell iPrint 
+ Novell Storage Services 
+ Novell Cluster Services (but do not configure at install time) 
Select at least these services and any dependent services that each one requires. 
2 After the install, add the server to the NetWare cluster: 


For instructions, see Section 4.2, “Adding New OES Nodes to Your NetWare Cluster,” on 
page 36. 


Setting Up iPrint on the OES Nodes 


Perform the steps in this section to set up iPrint and an iPrint cluster resource on the OES nodes in 
the mixed-mode cluster. 

¢ Section 12.2.1, “Preparing the OES Nodes for iPrint,” on page 71 

¢ Section 12.2.2, “Setting Up iPrint on the OES iPrint Cluster Resource,” on page 72 

¢ Section 12.2.3, “Setting Up Preferred Nodes for the OES iPrint Cluster Resource,” on page 73 


¢ Section 12.2.4, “Editing the Load and Unload Scripts for the OES iPrint Cluster Resource,” on 
page 73 


¢ Section 12.2.5, “Verifying the Status of the iPrint Setup,” on page 74 
Preparing the OES Nodes for iPrint 
Because iPrint on NetWare and iPrint on Linux are different, cluster migrating the iPrint cluster 


resource from NetWare to Linux is not an option. You create a new pool cluster resource on an OES 
node that will be the iPrint cluster resource on Linux. To set up iPrint on each server, you move the 
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iPrint configuration information from the default Linux installation path on each node to the newly 
created shared NSS pool resource. Later, you will move the iPrint Driver Store and Print Manager 
information from the NetWare resource to the OES resource. 


1 In a web browser, open iManager, then use the Storage role to create a new shared pool and 
volume on one of the OES servers where iPrint is installed. 
This is the iPrint cluster resource that will contain the iPrint data. 


For information about creating a clustered NSS pool and volume, see “Creating Cluster-Enabled 
Pools and Volumes” in the OES 2015 SP1 Beta: Novell Cluster Services for Linux Administration 
Guide. 


2 On the first OES node, set up clustering for iPrint on the shared NSS volume that you created in 
Step 1. 


2a Log in as the root user to the OES node where the shared pool resource is active, then 
open a terminal console. 


2b Goto the /opt/novell/iprint/bin directory, then run the iprint_nss_ relocate script 
by entering 


./iprint_nss_ relocate -a admin _fdn -p admin_password -n nss_volume_path -1 
cluster [-c <Specify Container FDN where iPrint LUM object already 

exists or should be created>] [-w <Specify Container FDN where Apache LUM 
objects exist>] 


Replace admin_fdn with the comma-delimited fully distinguished name of the iPrint 
administrator user (Such as cn=admin, o=mycompany). Replace admin_password with the 
actual password of the specified iPrint administrator user. Replace nss_volume_path with 
the Linux path (such as /media/nss/NSSVOL1) to the shared NSS volume where you want 
to relocate the iPrint configuration data. 


For information about the script options, see “Setting up iPrint on the NSS File System” in 
the OES 2015 SP1: iPrint Linux Administration Guide. 


For example, enter 


./iprint_nss relocate -a cn=admin,o=mycompany -p password -n /media/nss/ 
NSSVOL1 -1 cluster -c o=mycompany,t=iPrint Tree -w 
o=mycompany,t=iPrint_Tree 


2c Review the messages displayed on the screen to confirm the data migration from the local 
Linux path to the shared NSS path is completed. 


3 For each remaining Linux node in the cluster where iPrint is installed, set up clustering for iPrint 
by doing the following: 


3a Log in as the root user to the OES node where the shared pool resource is active, then 
open a terminal console. 


3b Cluster migrate the shared NSS pool resource from the active OES node to this OES node 
by entering 


cluster migrate resource name node_name 


3c Log in to the newly active OES node as the root user, then open a terminal console. 
3d Run the iprint_nss relocate script as described in Step 2b, using the same values. 
3e Repeat Step 3a through Step 3d until all of the OES nodes are configured for iPrint. 


12.2.2 Setting Up iPrint on the OES iPrint Cluster Resource 


1 In iManager, select /Print > Create Driver Store, then create a Driver Store on the OES node 
where the iPrint cluster resource is active. 
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12.2.3 


12.2.4 


See “Creating a Driver Store” in the OES 2015 SP1: iPrint Linux Administration Guide. 


Use the IP or DNS name of the shared NSS pool resource that you created in Section 12.2.1, 
“Preparing the OES Nodes for iPrint,” on page 71 as the Target Server. For the eDirectory 
Server Name, choose an eDirectory server that holds a copy of the replica where the Printer 
Agents will be created. 


2 In iManager, select iPrint > Create Print Manager, then create a Print Manager on the OES node 
where the iPrint cluster resource is active. 


See “Creating a Print Manager” in the OES 2015 SP1: iPrint Linux Administration Guide. 


Use the IP or DNS name of the shared NSS pool resource that you created in Section 12.2.1, 
“Preparing the OES Nodes for iPrint,” on page 71 as the /Print Service. For the eDirectory Server 
Name, choose same server that you specified for the Driver Store. Deselect the Start print 
manager after creation option. 


Setting Up Preferred Nodes for the OES iPrint Cluster 
Resource 


Configure the Preferred Nodes list for the Linux shared NSS pool cluster resource to prevent an 
inadvertent failback of the resource to a NetWare server. 


1 In iManager, click Clusters > Cluster Manager, then select the cluster where the Linux shared 
NSS pool resource is currently active. 


2 Select the link for the OES shared NSS pool cluster resource to open its Properties page. 
3 Go to the Preferred Nodes tab. 
4 Move all of the NetWare nodes from the Assigned Nodes list to Unassigned Nodes list. 


5 Click OK to save your changes. 


Editing the Load and Unload Scripts for the OES iPrint 
Cluster Resource 


Edit the load and unload scripts for the OES iPrint cluster resource. 


1 Edit the load script. Add the following lines to the existing load script before the exit 0 
statement 


ignore error mv /media/nss/NSSVOL1/var/opt/novell/iprint/iprintgw.lpr /media/ 
nss/NSSVOL1/var/opt/novell/iprint/iprintgw.lpr.bak 





NOTE: Replace /media/nss/NSSVOL1 in the above command with your actual cluster volume 
mount point. 





exit_on_error rcnovell-idsd start 
exit_on_error rcnovell-ipsmd start 


The daemons can also be started by using the file path /etc/init.d/novell-idsd start and 
/etc/init.d/novell-ipsmd start. 

2 Edit the unload script. Add the following lines to the existing unload script after the /opt/ 
novell/ncs/lib/ncesfuncs statement: 


ignore error rcnovell-ipsmd stop 
ignore error rcnovell-idsd stop 
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The daemons can also be stopped by using the file path /etc/init.d/novell-ipsmd stop and 
/etc/init.d/novell-idsd stop. 


3 Activate the load and unload scripts by taking the resource offline, then bringing the resource 
online. 


12.2.5 Verifying the Status of the iPrint Setup 


Verify that the iPrint cluster resource is working by cluster migrating the OES iPrint cluster resource to 
each OES node in turn and performing the following checks: 


1 Log in as the root user on the OES node where the iPrint cluster resource is active, then open a 
terminal console. 
2 Check the status of the Print Manager and Driver Store. 


rcenovell-ipsmd status 
rcenovell-idsd status 

3 Test the ability of iprntman to authenticate the admin user (or other user given with miggui). 
iprntman psm -1 -u admin 

4 Cluster migrate the iPrint cluster resource to another OES node by entering 


cluster migrate resource_name node_name 


5 Repeat this check for each OES node in the mixed-mode cluster. 


12.3 Migrating the iPrint Cluster Resource from 
NetWare to OES 


After iPrint is configured for the OES nodes, you are ready to migrate the iPrint Driver Store and Print 
Manager information from the NetWare iPrint cluster resource to the OES iPrint cluster resource. 


Perform the following steps in “Migrating an iPrint Cluster Resource” in the OES 2015 SP1: Migration 
Tool Administration Guide. 


1 Perform the pre-migration checks as described in “Pre-Migration iPrint Configuration” in the OES 
2015 SP1: Migration Tool Administration Guide. 


2 Perform a consolidated migration of the iPrint service as described in “iPrint Consolidate 
Migration” in the OES 2015 SP1: Migration Too! Administration Guide. 


Start the Migration Tool from the target server (the OES node where the iPrint cluster resource is 
active). 


For the source server, authenticate by using the IP address or DNS name of the NetWare iPrint 
cluster resource. 


For the target server, authenticate by using the IP address or DNS name of the Linux iPrint 
cluster resource. 


3 Verify that the migration was successful as described in “Verifying the Result of the iPrint 
Migration” in the OES 2015 SP1: Migration Tool Administration Guide. 


4 Transition the Transition end-user printing from NetWare to Linux. 
¢ Offline the NetWare iPrint cluster resource. 
+ View the NetWare iPrint cluster load script's /DNSNAME value. 
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+ Configure DNS to resolve the /DNSNAME value to the IP address of the target Linux cluster 
resource hosting the Print Manager. 





NOTE: The propagation of the DNS change might take time, depending on your network. 





DNSNAME is the address that the clients use to find the NetWare Print Manager. The same 
DNSNAME is used to find the Linux Print Manager. 


+ Update each of the Linux node /etc/hosts files to resolve to the Linux iPrint cluster IP 
address. 


+ Update the /etc/opt/novell/iprint/conf/ipsmd.conf PSMHostAddress value to the / 
DNSNAME. 


+ Restart the Print Manager. 


5 (Optional) Perform the post-migration steps as described in “Transfer ID” and “Migrating an iPrint 
Cluster Resource” in the OES 2015 SP1: Migration Tool Administration Guide. 


For detailed information about iPrint migration requirements, pre-migration configuration, migration 
procedures, post-migration tasks, and troubleshooting, see “Migrating iPrint to OES 2015 SP1” in the 
OES 2015 SP1: Migration Tool Administration Guide. 


12.4 Finalizing the Cluster Conversion 


After your OES iPrint setup is working as expected, finalize the cluster conversion, as described in 
Section 4.4, “Finalizing the Cluster Conversion,” on page 39. 


12.5 Additional Information 


See the following Novell Support Technical Information Documents (TIDs) in the Novell 
Knowledgebase for more information about migrating iPrint from NetWare to OES: 


¢ TID 7005448: Migrating an iPrint Cluster from NetWare to OES 2 (http://www.novell.com/ 
support/) 


¢ TID 7004455: iPrint Migration Best Practices (http://www.novell.com/support/) 
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MySQL 


SUSE Linux Enterprise Server (SLES) 11 Service Pack 3 (SP3) and Novell Open Enterprise Server 
2015 provide an open source version of the MySQL 5.5.x software that is offered under the GNU 
General Public License (GPL) Version 2. Version 5.0.x is available on SLES 11 SP2 and OES 11 
SP1, and earlier versions. MySQL can be used with Novell Cluster Services to provide high 
availability support to the customers you service with MySQL. This helps prevent interruptions of 
access for the MySQL database. 





IMPORTANT: As stated in the Release Notes for SUSE Linux Enterprise Server 11 SP3 and earlier 
(http://www.novell.com/linux/releasenotes/x86_64/SUSE-SLES/11-SP3/), the open source MySQL 
packages require additional support contracts to be obtained by the customer in order to receive full 
support. 





The MySQL database format is upgraded from version 5.0 to version 5.5 in SUSE Linux Enterprise 
Server 11 SP3 and OES 11 SP2. For information about upgrading the database format, see 
“Upgrading from MySQL 5.0 to MySQL 5.5 Introduces a New Database Format” in the OES 2015 
SP1 Beta: Web Services and Applications Guide. 


MySQL is installed on all nodes where you want it to run, but a database runs on only one node in the 
cluster at a time. The MySQL configuration files are modified on each node to point to a path ona 
Linux Logical Volume Manager (LVM) volume group cluster resource that contains the MySQL 
database files. You cluster-enable the volume group by using the MySQL template, then configure its 
resource load, unload, and monitoring scripts, set its resource failover and failback modes, and 
assign the resource to specific nodes in the cluster. When a node fails where the resource is online, 
the resource fails over to the next preferred node in the cluster. 





IMPORTANT: Refer to the official MySQL 5.5 documentation for information about configuring, 
managing, and using MySQL. For information, see the MySQL Documentation Library: MySQL 
Reference Manuals (http://dev.mysql.com/doc/). 





The instructions in this section describes how to set up MySQL in a Novell Cluster Services cluster. 


¢ Section 13.1, “Prerequisites for Clustering MySQL,” on page 78 

¢ Section 13.2, “Installing and Enabling MySQL,” on page 78 

¢ Section 13.3, “Creating an LVM Volume Group and Logical Volume,” on page 81 
¢ Section 13.4, “Configuring MySQL on the LVM Logical Volume,” on page 86 

¢ Section 13.5, “Cluster-Enabling MySQL on the Logical Volume,” on page 87 

¢ Section 13.6, “File Location,” on page 90 

¢ Section 13.7, “Security Considerations for the MySQL Configuration,” on page 91 
¢ Section 13.8, “Additional Information,” on page 92 
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13.1 Prerequisites for Clustering MySQL 


The following setup is required for clustering the MySQL database files with Novell Cluster Services: 


O Novell Cluster Services must be installed and configured as described in “Installing, Configuring, 
and Repairing Novell Cluster Services” in the OES 2015 SP1 Beta: Novell Cluster Services for 
Linux Administration Guide. 


O MySQL must be installed on every node in the cluster where you want MySQL to run. The 
installation is described in Section 13.2, “Installing and Enabling MySQL,” on page 78. 


O The SAN device that you want to use for the MySQL database must be accessible to all nodes in 
the cluster. It will be activated on only one node at a time. 


O You must create a shared Linux Logical Volume Management (LVM) volume group where you 
will store the MySQL database and configuration file. This setup is described in Section 13.3, 
“Creating an LVM Volume Group and Logical Volume,” on page 81. 


13.2 Installing and Enabling MySQL 


Before you configure MySQL with Novell Cluster Services, MySQL must be installed and configured 
properly on all servers in the cluster where you intend to run it. You can use the YaST Software 
Management tool to install the MySQL and the MySQL Client packages. Other MySQL packages are 
available that allow you to use MySQL with Perl, PHP, Postfix, or Python, but this guide does not 
cover their installation or use. 


Package 
mysql 


mysql-client 


Description 


Provides the MySQL software and database. 


Provides the MySQL client command line program that acts as a text-based front 
end for the MySQL Server. It is used for issuing queries and viewing the results 
interactively from a terminal window 





msql-Max 


Provides the MySQL software, database, and the following features for users that 
require transaction support: 


+ Berkeley database (BDB) tables 


+ InnoDB tables 


These features provide transaction-safe tables to which locks are applied while a 
series of SQL queries is made. The series of queries is referred to as a transaction. 





perl-DBD-mysql 


Provides a MySQL database driver (DBD) to support a database-independent 
interface (DBI) for the Perl programming language. 





php5-mysql 


Provides a PHP plug-in that allows an Apache HTTP server to access a MySQL 
database. 





postfix-mysql 


Provides a Postfix plug-in that allows a Postfix mail system to access a MySQL 
database. 





python-mysql 


Provides a Python plug-in that allows you to execute SQL queries on a MySQL 
database through your Python application. 
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Use the following procedure to install the mysql and mysql-client packages, and enable MySQL on 
each node in the cluster: 
1 Log in to the server as the Linux root user, then open YaST. 
2 Ensure that the SUSE Linux Enterprise Server 11 SPx installation CD is mounted on the server. 
3 In YaST, select Software > Software Management, then click the Search tab. 
4 To find the components, type mysql in the Search field, then click Search. 
5 In the Package list, select mysql and mysql-client. 






























































k YaST2 = o e 
File Package Configuration Dependencies Options Extras Help 
| View | {Search| RPM Groups | Installation Summary | Patterns | ES 
|mysql | v| | Search 
L eae — Y Package Summary Installed (Avail: Size 
E libmysaqiclientis MySQL Shared Libraries 5.0.96-0.6.1 1.4 MiB 
à E libmysqiclient_n5 A True Multiuser, Multithreaded SQL Database Server 5.0.96-0.6.1 1.4 MiB 
Search in 
Æ libqt4-sql-mysql Qt 4 MySQL support 4.6.3-5.25.4 95.0 KiB 
Mi Name L_] libgda-3_0-mysq| mySQL Provider for GNU Data Access (GDA) (.1.5-2.1.76) 89.0 KiB 
MI Keywords libgda-4_0-mysq| MySQL Provider for GNU Data Access (GDA) (4.1.2-1.3.48) 190.0 KiB 
rs: libmysqiclient15-32bit MySQL Shared Libraries (S.0.96-0.6.1) 1.3 MiB 
M) Summary L Server part of MySQL Community Server (6.5.31-0.7.10) 
O Description mysql-client Client for MySQL Community Server (5.5.31-0.7.10) 17.1 MiB 
ji mysql-tools MySQL Community Server tools 6.5.31-0.7.10) 17.5 MiB 
C RPM "Provides" perl-DBD-mysql Interface to the MySQL database (4.008-4.3) 427.0 KiB 
C RPM "Requires" php53-mysql PHPS Extension Module (5.3.17-0.13.7) 200.0 KiB 
postfix-mysq! Postfix plugin to support MySQL maps (2.9.4-0.13.9) 15.0 KiB 
C File list 


Description | Technical Data Dependencies Versions File List Change Log 


mysql - Server part of MySQL Community Server | 





S h Mod 
earch mes SQL is the most popular database language in the world. MySQL is a client/server implementation that consists of a 


server daemon (mysqld) and many different client programs and libraries 


o 


Contains 





The main goals of MySQL are speed, robustness, and ease of use. MySQL was originally developed because the 
developers at TcX needed an SQL server that could handle very large databases an order of magnitude faster than what 
O Case Sensitive any database vendor could offer them. They have now been using MySQL since 1996 in an environment with more than 
= 40 databases containing 10,000 tables, of which more than 500 have more than 7 million rows. This is about 100 
gigabytes of mission-critical data 


The base upon which MySQL is built is a set of routines that have been used in a highly demanding production 
environment for many years. While MySQL is still in development, it already offers a rich and highly useful function set. 


The official way to pronounce MySQL is &quot:My Ess Que Ell&quot; (Not MY-SEQUEL) 
This package only contains the server-side programs 


Supportability: Additional Customer Contract Necessary 





Cancel || Accept 





6 Click Accept, then click Continue for each component to confirm that you want to install it. 
YaST does the following: 
¢ Installs the MySQL Server and MySQL Client software. 


The software is not enabled by default, and the MySQL daemon is not running at this time. 
No run levels are set. 


+ Creates the MySQL root user (a user internal to the MySQL system) as a superuser that 
has access rights to perform any function in MySQL. Initially, this user has no password 
assigned. 


+ Creates a default path /var/1ib/mysql for storing databases that you create later. Initially, 
this directory is empty. It is populated later when you enable the MySQL service. 


+ Creates the mysql user and group on the server and makes them the owners of the default 
data directory /var/1ib/mysql and its contents. 
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+ Creates a default mount point /mnt /mysql for the database. This is where you will mount 
the LVM logical volume that you create for the database in Section 13.3, “Creating an LVM 
Volume Group and Logical Volume,” on page 81. 


¢ Creates the default MySQL configuration file (/etc/my.cnf). 
7 In YaST, enable the MySQL service: 
7a Select System > System Services (Runlevel). 
7b Select Expert Mode. 
7c In the Service list, select the mysql daemon. 
7d Click Set/Reset > Enable the Service. 


Under Service will be started in the following runlevels, notice that the 2, 3, and 5 check 
boxes are selected by default. You don’t want the service to start on system boot because it 
starts when the cluster resource is brought online on a cluster node. 





9 System Services (Runlevel): Details 


Simple Mode @ Expert Mode 
Set default runlevel after booting to. 





5: Full multiuser with network and display manager e| 











Serice ¥ Running 0 1 2 3 4 5 6 B s Description | ot 
irq_balancer No 1 2 3 5 irqbalance daemon providin 
ivman No mounting/execution daemo, 
java. binfmt_misc Yes 3 5 enables the system to autc 
joystick No Set up analog josysticks | 
kbd Yes 1 2 3 5 S Keyboard settings 
kexec No Enables reboot through Ky 
mcelog No Machine Check Architectur | 
mdadmd No mdadmd daemon monitorin 
micasad Yes 1 2 3 5 miCASA daemon | 
microcode. ctl No 1 2 3 5 S CPU microcode updater 
multipathd No Starts multipath daemon | 
E 











Start the MySQL database server 


Service will be started in following runlevels 
Oo or M2 M3 O4 Ms O6 Os Liisi 
Start/Stop/Refresh ~ | | Set/Reset ~ | 








| Help | Cancel | | oK 





7e In the lower right corner, click OK. 
7f When you are prompted to confirm the changes, click Yes to save them. 
7g Exit YaST. 
8 Stop the MySQL daemon from running. In a terminal console, enter the following as the Linux 
root user: 
/etc/init.d/mysql stop 
Alternatively, you can use the rcmysql stop command. 
9 Repeat Step 1 through Step 8 on each node in the cluster to install and enable MySQL. 


10 After you have installed and enabled MySQL on all servers in the cluster, continue with 
Section 13.3, “Creating an LVM Volume Group and Logical Volume,” on page 81. 
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13.3 


13.3.1 


13.3.2 


Creating an LVM Volume Group and Logical 
Volume 


After you have installed MySQL, you are ready to set up the LVM volume group and logical volume 
where you will store a MySQL database. Sample values are used in the procedures in this section to 
help you understand what is required at each step. The overview provides only the Linux commands 
that you need to create and prepare the volume group for use by MySQL. The detailed description 
provides more information about the process, including the syntax and sample commands. 


¢ Section 13.3.1, “Sample Values,” on page 81 
¢ Section 13.3.2, “Setting Up the VG and LV (Overview),” on page 81 
¢ Section 13.3.3, “Setting up the VG and LV (Detailed),” on page 82 


Sample Values 


The procedures in this section use the following parameters. Ensure that you replace the sample 
values with your values. The first node in the cluster is where you configure MySQL and the cluster 
resource. 








Parameter Sample Value 
LVM physical volume /dev/sdd 
LVM volume group name mysqlvg 

LVM logical volume msqllv 

File system type ext3 


This is the file system type that you make on the LVM 
logical volume, such as btrfs, ext2, ext3, 
reiserfs, or xfs. 











Logical volume path /dev/mysqlvg/mysqllv 
Mount point for the logical volume /mnt/mysql 

Default MySQL root path /var/lib/mysql 

New MySQL root path /mnt/mysql/var/lib/mysql 


Setting Up the VG and LV (Overview) 


You can create the volume group and logical volume by issuing the following LVM commands as the 
root user on the cluster node. This overview of the process uses the sample values. Ensure that you 
substitute your own values in the commands. For details, see “Setting up the VG and LV (Detailed)” 
on page 82. 


Command Action Command 
1. Create the LVM physical volume. pvcreate /dev/sdd 
2. Create the clustered LVM volume group. vgcreate -c y mysqlvg /dev/sdd 
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Command Action Command 








3. Activate the volume group exclusively on the vgchange -a ey mysqlvg 

node. 

4. Create the LVM logical volume. lvcreate -n mysqllv -L size mysqlvg 
5. Add a file system to the LVM logical volume. mkfs -t ext3 /dev/mysqlvg/mysqllv 


[fs_options] 





6. Create a mount point for the logical volume. mkdir /mnt/mysql 


You must also create this path on each node in the 








cluster. 

7. Mount the LVM logical volume. mount -t ext3 /dev/mysqlvg/mysqllv / 
mnt /mysql 

8. Create the directory structure for the MySQL cd /mnt/mysgql 

database files on the mounted logical volume. mkdir /mnt/mysql/var 


mkdir /mnt/mysql/var/lib 
mkdir /mnt/mysql/var/lib/mysql 





9. Modify the file ownership of the mount point and chown -R mysgql:mysql /mnt/mysql 
subdirectories. 





10. Deactivate the LVM logical volume. vgchange -a n mysqlvg 


13.3.3 Setting up the VG and LV (Detailed) 


The following procedure provides detailed instructions for creating the LVM volume group and logical 
volume: 
1 Log in as the Linux root user to the first node of the cluster, then open a terminal console. 


2 In NSSMU, initialize the SAN device that you want to use for the MySQL database, but do not 
mark it as shareable for clustering: 


2a At the console prompt, launch NSSMU by entering: 


nssmu 


2b Select Devices, then press Enter. 

2c In the Devices list, select the unpartitioned device that you want to use, then press F3 to 
initialize it. 

2d Read the advisory, then press Y to confirm that you want to initialize the device. 

2e Specify the Master Boot Record (MBR) type as DOS or GPT, then press Enter. 


Typically, you use DOS format for devices up to 2 TB. You use GPT for devices greater than 
2 TB. 
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2f Verify that the device is initialized and that it is unshared (that is, Shareable for Clustering is 
set to No). 


vice Information 





‘F3=Init F5=Refresh F6=Share ENTER=Show Partitions ESC=Prey Menu 


2g Exit NSSMU to return to the command prompt. 
3 Create an LVM physical volume on the device (Such as /dev/sdd) by entering: 
pvcreate <device> 


For example: 


pvcreate /dev/sdd 
No physical volume label read from /dev/sdd 
Physical volume "/dev/sdd" successfully created 


4 Create an LVM volume group (such as mysqlvg) on the physical volume by entering: 
vgcreate -c y <vg_ name> <device> 
For example: 


vgcreate -c y "mysqlvg" /dev/sdd 
Clustered volume group "mysqlvg" successfully created 


The volume group is automatically activated. 
5 Activate the volume group exclusively on the current server by entering: 
vgchange -a ey <vg name> 


The -a option activates the volume. The ey parameter specifies the values exclusively and 
yes. 


For example: 
vgchange -a ey mysqlvg 

6 View information about the volume group by using the vgdisplay command: 
vgdisplay <vg_name> 


Notice that 4 MB of the device are used for the volume group’s Physical Extent (PE) table. You 
must consider this reduction in available space on the volume group when you specify the size of 
the LVM logical volume in the next step (Step 7). 
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For example: 


vgdisplay mysqlvg 
--- Volume group --- 








VG Name mysqlvg 

System ID 

Format lvm2 

Metadata Areas 1 

Metadata Sequence No 1 

VG Access read/write 

VG Status resizable 

MAX LV 0 

Cur LV 0 

Open LV 0 

Max PV 0 

Cur PV 1 

Act PV 1 

VG Size 508.00 MB 

PE Size 4.00 MB 

Total PE 127 

Alloc PE / Size 0 / 0 

Free PE / Size 127 / 508.00 MB 
VG UUID rqyAd3 -U2dg-HYLw- 0SyN-1007-74BH3-qHvySe 


7 Create an LVM logical volume (Such as mysql1v) on the volume group by entering: 


lvcreate -n <lv_name> -L size <vg_ name> 


Specify the logical volume name, size, and the name of the volume group where you want to 
create it. The size is specified in megabytes by default. 


The logical volume full path name is /dev/<vg_name>/<lv_name>. 
For example: 


lvcreate -n "mysqllv" -L 500 "mysqlvg" 
Logical volume "mysqllv" created 


This volume’s full path name is /dev/mysqlvg/mysql lv. 
8 View information about the logical volume by entering: 
lvdisplay -v <lv_path_name> 


For example: 


lvdisplay -v /dev/mysqlvg/mysqllv 
Using logical volume(s) on command line 
--- Logical volume --- 





LV Name /dev/mysqlvg/mysqllv 
VG Name mysqlvg 

LV UUID nIfsMp-alRR-i4Lw-Wwdt-v5i0-2hDN-qrwWTLH 
LV Write Access read/write 

LV Status available 

# open 0 

LV Size 500.00 MB 

Current LE 125 

Segments 1 

Allocation inherit 

Read ahead sectors auto 

- currently set to 1024 

Block device 253:1 


9 Create a file system (Such as BtrFS, Ext2, Ext3, ReiserFS, or XFS) on the LVM logical volume by 
entering: 


mkfs -t <fs_type> <lv_path_name> [fs_options] 
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10 


12 


13 


You can specify file system options according to the type of file system you are making. For 


information, see the mkfs (8) man page and the related man page for the file system type, such 


as mkfs.btrfs (8), mkfs.ext2(8), mkfs.ext3 (8), mkfs.reiserfs (8), Or mkfs.xfs (8). 


For example: 


mkfs -t ext3 /dev/mysqlvg/mysqllv 
mke2fs 1.41.9 (22-Aug-2009) 
Filesystem label= 
OS type: Linux 
Block size=1024 (log=0) 
Fragment size=1024 (log=0) 
128016 inodes, 512000 blocks 
25600 blocks (5.00%) reserved for the super user 
First data block=1 
Maximum filesystem blocks=67633152 
63 block groups 
8192 blocks per group, 8192 fragments per group 
2032 inodes per group 
Superblock backups stored on blocks: 
8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409 
Writing inode tables: done 
Creating journal (8192 blocks): done 
Writing superblocks and filesystem accounting information: done 


This filesystem will be automatically checked every 29 mounts or 
180 days, whichever comes first. Use tune2fs -c or -i to override. 


Create a mount point for the logical volume by entering: 

mkdir /mnt/mysql 

Mount the logical volume on the MySQL mount point by entering: 
mount -t <fs_type> <lv_path_name> <mount_point> 

For example: 

mount -t ext3 /dev/mysqlvg/mysqllv /mnt/mysql 


Go to the mount point location (/mnt /mysq1), then create the /var/1lib/mysql subdirectory 
structure by entering: 


cd /mnt/mysql 

mkdir /mnt/mysql/var 

mkdir /mnt/mysql/var/lib 
mkdir /mnt/mysql/var/lib/mysql 


Change the owner and group owner of the /mnt /mysql directory and its contents to use the 
mysql user and group. Enter the chown command with the recursive (-R) option: 


cd /mnt 
chown -R mysql:mysql mysql 


Another way to do this is to explicitly specify the directory path: 


chown -R mysql:mysql /mnt/mysql 


14 Continue with Section 13.4, “Configuring MySQL on the LVM Logical Volume,” on page 86. 


MySQL 


85 


13.4 Configuring MySQL on the LVM Logical Volume 


MySQL databases are usually located in a subdirectory of the /var/lib/mysql/ directory. If you 
create a database named test, the database files are located in the /var/lib/mysql/test 
directory. 


In order for MySQL to take advantage of the benefits provided by Novell Cluster Services, you must 
make some configuration changes to MySQL. On the first server, you copy the default MySQL 
configuration file (/etc/my.cn£) to the LVM logical volume, modify /mnt /mysql/var/lib/mysql/ 
my.cnf file so that all datadir entries are commented out, then create a MySQL database on the 
LVM Logical volume. 


The following instructions assume that you have not created a database on the server at this time. If 
a MySQL database currently exists in the default /var/1ib/mysq1 location, the database’s directory 
and its contents must be relocated to the new /mnt /mysql/var/1ib/mysql path, rather than creating 
it as described in Step 6 on page 86 of the following procedure. Afterwards, ensure that you modify 
the ownership of the folder and files to the mysql user and group by using the chown command as 
illustrated in Step 13 of Section 13.3, “Creating an LVM Volume Group and Logical Volume,” on 
page 81. 





IMPORTANT: After you have modified the MySQL configuration file to use the LVM logical volume 
path, you should always exclusively activate the volume group on the server before attempting to 
start the MySQL daemon. The cluster resource does this automatically in the load script. 





To configure a MySQL database on the LVM logical volume: 


1 Log in as the Linux root user on the first node, then open a file browser or terminal console. 
2 Copy the default /etc/my.cnf configuration file to the /mnt/mysql/var/lib/mysql directory: 
cp /etc/my.cnf /mnt/mysql/var/lib/mysql 


3 Ina text editor, modify the /mnt /mysql/var/lib/mysql/my.cnf file and comment out any data 
directory entries, then save your changes. For example: 


# datadir= 


4 Change the permissions on the /mnt/mysql/var/1lib/mysql/my.cnf file to Read and Execute 
for each permission level, and change the ownership to the mysql user and group: 


chmod 555 /mnt/mysql/var/lib/mysql/my.cnf 
chown mysql:mysql /mnt/mysql/var/lib/mysql/my.cnf 
You can view these settings by using the 11 <filepath> command. For example: 


11 /mnt/mysql/var/lib/mysql/my.cnf 
-r-xr-xr-x 1 mysql mysql 6297 2011-07-08 14:19 /mnt/mysql/var/lib/mysql/ 
my.cnf 
5 Open a terminal console as the Linux root user, then start MySQL: 
/etc/init.d/mysql start 
Another option is to use the remysql start command. 
6 Create a database named data on the LVM logical volume: 


mysql _install_db --datadir=/mnt/mysql/var/lib/mysql/data --user=mysql 
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7 Set the ownership of the data database to be the mysql user and group: 
chown -R mysql:mysql /mnt/mysql/var/lib/mysgql/data 

8 Stop the MySQL daemon from running: 
/etc/init.d/mysql stop 
Another option is to use the rcmysql stop command. 

9 Deactivate the LVM volume group: 
vgchange -a n <vg name> 
For example: 
vgchange -a n mysqlvg 

10 Continue with Section 13.5, “Cluster-Enabling MySQL on the Logical Volume,” on page 87. 


Cluster-Enabling MySQL on the Logical Volume 


Now that you have configured MySQL for the LVM logical volume, you are ready to cluster-enable 
MySQL. In iManager, you use the Novell Cluster Services MySQL template to create a cluster 
resource for the LVM volume group that contains the MySQL database. The resource’s load script 
starts the MySQL daemon when the resource is brought online, and the unload script stops it when 
the resource is taken offline. 


The sample scripts in this section use the following sample parameters. Ensure that you replace the 
sample values with your values. 





Parameter Sample Value 
Resource IP Address 10.10.10.44 
MOUNT_FS ext3 


This is the file system you created on the LVM volume 
group, such as bt rfs, ext2, ext3, reiserfs, or 











xfs. 
VOLGROUP_NAME mysqlvg 
MOUNT_DEV /dev/$VOLGROUP_NAME/mysqllv 
MOUNT_POINT /mnt/mysql 
MySQL_ROOT $MOUNT_POINT/var/lib/mysql 


Use the following procedure to create the MySQL cluster resource for the LVM volume group: 


1 In iManager, select Clusters > Cluster Options, then browse to select the cluster. 
2 Under the Cluster Objects title, click New. 


3 On the New Resource > Resource Type page, specify Resource as the type, then click Next. 
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4 On the New Resource > Cluster Resource Information page, specify a cluster resource name, 
browse to select the MySQL_ Template, then click Next. 


Do not select Online Resource after Create. You must configure the resource scripts and 
settings before bringing the resource online. 


New Resource 


Cluster Resource Information Create a new cluster resource or cluster resource template. 





Cluster Resource Name: |mysqllv | 








Inherit From Template: [MySQL_Template. cluster.ncs. r| ial 





C Online Resource after Create 
M) Define Additional Properties 


<< Back Next >> Cancel 


5 On the Load Script page, modify the definition fields for your MySQL resource, file system type, 
volume group name, logical volume name, and mount point, then click Next. 


The following load script uses the sample values from the MySQL setup: 


#!/bin/bash 
/opt/novell/ncs/lib/ncsfuncs 


# define the IP address 

RESOURCE IP=10.10.10.44 

# define the file system type 
MOUNT_FS=ext3 

#define the volume group name 
VOLGROUP_NAME=mysqlvg 

# define the device 

MOUNT _DEV= /dev/ $VOLGROUP_NAME/mysql lv 
# define the mount point 
MOUNT_POINT=/mnt /mysql 





# define MySQL database root 
MySQL ROOT=$MOUNT POINT/var/lib/mysql 





#activate the volume group 
exit_on_error vgchange -a ey $VOLGROUP_NAME 


# mount the file system 
exit_on_error mount_fs SMOUNT_DEV SMOUNT_POINT SMOUNT_FS 


# add the IP address 
exit_on_error add_secondary_ipaddress SRESOURCE_IP 





# start MySQL 
/usr/bin/mysqld_safe --user=mysql --pid-file=$MySQL ROOT/mysql.pid -- 
socket=SMySQL_ROOT/mysql.sock --datadir=$MySQL ROOT --bind- 
address=$RESOURCE IP &>/dev/null & 





# return status 
exit 0 
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6 On the Unload Script page, modify the definition fields for your MySQL resource, file system 
type, volume group name, logical volume name, and mount point, then click Next. 


The following unload script uses the sample values from the MySQL setup: 


#! /bin/bash 
/opt/novell/ncs/lib/ncsfuncs 


# define the IP address 
RESOURCE IP=10.10.10.44 

# define the file system type 
MOUNT _FS=ext3 

#define the volume group name 
VOLGROUP_NAME=mysqlvg 

# define the device 
MOUNT_DEV=/dev/SVOLGROUP_NAME/mysqllv 
# define the mount point 
MOUNT_POINT=/mnt /mysql 











# define MySQL database root 
MySQL_ROOT=$MOUNT_POINT/var/lib/mysql 














# request MySQL stop 
ignore error killproc -p $MySQL_ ROOT/mysql.pid -TERM /usr/sbin/mysqld 


# del the IP address 
ignore_error del_secondary_ipaddress SRESOURCE_IP 


# umount the file system 
sleep 10 # if not using SMS for backup, please comment out this line 
exit_on_error umount_fs SMOUNT_DEV SMOUNT_POINT SMOUNT_FS 


#deactivate the volume group 
exit_on_error vgchange -a n SVOLGROUP_NAME 


# return status 
exit 0 


7 On the Monitoring Script page, modify the definition fields for your MySQL resource, file system 
type, volume group name, logical volume name, and mount point, then click Next. 


The following monitoring script uses the sample values from the MySQL setup: 


=) 


#! /bin/bast 
/opt/novell/ncs/lib/ncsfuncs 


# define the IP address 

RESOURCE IP=10.10.10.44 

# define the file system type 
MOUNT_FS=ext3 

#define the volume group name 
VOLGROUP_NAME=mysqlvg 

# define the device 
MOUNT_DEV=/dev/SVOLGROUP_NAME/mysqllv 
# define the mount point 
MOUNT_POINT=/mnt /mysql 











# define MySQL database root 
MySQL_ROOT=S$MOUNT_POINT/var/lib/mysql 








#check the logical volume 
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exit_on_error status_lv SMOUNT_DEV 


# check the file system 
exit _on_error status_fs SMOUNT_DEV SMOUNT_POINT SMOUNT_FS 


# check the IP address 
exit_on_error add_secondary _ipaddress SRESOURCE_IP 


# check MySQL 
exit_on_error checkproc -p S$MySQL_ROOT/mysql.pid /usr/sbin/mysqld 


# return status 
exit 0 





8 On the Resource Policies page, specify the Resource Behavior, Start Mode, Failover Mode, and 
Failback Mode, then click Next. 


For information about these fields, see “Configuring the Start, Failover, and Failback Modes for 
Cluster Resources” in the OES 2015 SP1 Beta: Novell Cluster Services for Linux Administration 
Guide. 


9 On the Resource Preferred Nodes page, assign the nodes where MySQL is installed, then click 
Finish. 
The resource appears in the Cluster Objects list: 


10 Bring the MySQL resource online. Select Clusters > Cluster Manager, select the MySQL 
resource check box, then click Online. 


O æ mysallv ®) Running avalon 2 Jul 8, 2011 5:32:48 PM 


If the resource goes comatose, offline the resource, then open its properties page and re-verify 
the scripts. 


13.6 File Location 


During the MySQL installation, the following files are unpacked or created by YaST: 


MySQL Component Default Location in OES 


MySQL daemon for start, stop, and restart commands /etc/init.d/mysql 





Configuration files /etc/my.cnft 
/etc/mysqlaccess.conf 














Database files /var/lib/mysql 

Man pages /usr/share/man/man1 
Documentation (MySQL Readme) /usr/share/doc/packages/mysql 
Log file /var/lib/mysql/mysqld.log 


The MySQL log file can also be accessed via a hard 
link from /var/log/mysqld.log. 
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13.7.1 


13.7.2 


MySQL Component Default Location in OES 


Software Some of the software components might not appear in 


this location until after you enable the service. 


/usr/bin/mysql 
/usr/bin/mysqladmin 
/usr/bin/mysqlbinlog 
/usr/bin/mysqlbug 
/usr/bin/mysqlcheck 
/usr/bin/mysqld_ multi 
/usr/bin/mysqld_safe 
/usr/bin/mysqldump 
/usr/bin/mysqldumpslow 
/usr/bin/mysql_ fix extensions 
/usr/bin/mysql fix/privilege tables 
/usr/bin/mysqlimport 
/usr/bin/mysql_install_db 
/usr/bin/mysql_secure_installation 
/usr/bin/mysqlshow 
/usr/bin/mysqlupgrade 
/usr/bin/my_ print defaults 
/usr/bin/myisamcheck 
/usr/bin/myisam_ftdump 
/usr/bin/myisamlog 
/usr/bin/myisampack 





Security Considerations for the MySQL 
Configuration 


Consider the security measures in this section when working with MySQL. 


¢ Section 13.7.1, “MySQL Ports,” on page 91 
¢ Section 13.7.2, “Securing MySQL,” on page 91 


MySQL Ports 


MySQL uses port 3306 by default. Additional ports are assigned sequentially as 3307, 3308, and so 
on. These ports must be open in the firewall in order to allow remote access to the MySQL database. 


Securing MySQL 


The default installation of MySQL provides some configuration settings, an anonymous user, and the 


test database that can possibly compromise security in a production environment: 


+ The root user can connect from the local host or remotely. 
+ An anonymous user is also created and can connect from the local host or remotely. 


+ Any local user on the server can connect to the test database without a password and be 
treated as the anonymous user. 


+ The anonymous user can perform any function on any databases named test or with a name 
that begins with test_. 
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For production servers, we recommend that you secure your MySQL service by setting a password 
for the MySQL root user. This is a password for the MySQL administrator user, which is a root user 
within the MySQL system. It is not the Linux root user. 


1 To set the password and log in to MySQL on the server, enter the following commands: 


/usr/bin/mysqladmin -u root password <new_password> 
/usr/bin/mysgqladmin -u root -h <server_fdn_ name> password <new_password> 


For example: 


/usr/bin/mysqladmin -u root password novell 
/usr/bin/mysqladmin -u root -h myserverl.europe.example.com password novell 


Alternatively, you can run the mysql_secure_installation command as the Linux root user, 
complete the fields that make sense for your MySQL configuration, then use: 


/usr/bin/mysgql_secure installation 


We recommend that you configure the following secure settings: 


+ 


+ 


+ 


Set a password for the MYSQL root user. 


Remove MySQL anonymous users. 


Disallow remote login for the MySQL root user. 


The MySQL root user is allowed to connect to the database, but only from the local host. 


Remove the test database. 


Reload the Privileges table. 


13.8 Additional Information 


The following resources are available to help you manage and use MySQL: 


¢ MySQL 5.5 Reference Manual (http://dev.mysql.com/doc/refman/5.5/en/index.html) from the 
MySQL Documentation Library (http://dev.mysql.com/doc/) 


+ After you have installed MySQL and the MySQL client on the server, the following man pages 
are available for MySQL utilities by entering the man <mysql_utility> command: 


+ 


+ 


+ 


mysql 


mysql 
mysql 
mysqlcheck (1) 
mysqld multi (1) 
mysql 
mysql 
mysql 
mysql 
mysql 
mysql 


(1) 


Lbinlog 
Lbug (1) 


mysqladmin (1) 





ld_ safe 


ldump (1) 





mysql 


lsecure_ 


1) 


1) 


_fix_ extensions (1) 
_fix privileg_tables (1) 
limport (1) 
_install_db/(1) 


installation (1) 
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+ mysqlshow(1) 
+ mysqlupgrade (1) 
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14.1 


14.2 


14.3 


Novell Storage Services Pools 


Consider the guidelines in this section when converting Novell Storage Services (NSS) pool cluster 
resources from NetWare 6.5 SP8 to Open Enterprise Server (OES) 2015 SP1. 
¢ Section 14.1, “NSS Pool Cluster Migration,” on page 95 


¢ Section 14.2, “NSS File System Migration to NCP Volumes or Linux POSIX File Systems,” on 
page 95 


¢ Section 14.3, “Estimated Time Taken to Build the Trustee File on Linux,” on page 95 
¢ Section 14.4, “Using Antivirus Software for NSS and NCP Volumes on Linux,” on page 96 


NSS Pool Cluster Migration 


In the mixed-mode cluster, NSS pool cluster resources created on NetWare can be failed over or 
cluster migrated to nodes that are running OES where NSS is installed and running. 


For information about NSS differences in OES 11 and later, see “NSS Pools (Storage Manager)” in 
the OES 2015 SP1 Beta: Novell Cluster Services for Linux Administration Guide. 


Some NSS features are not available or work differently on Linux. See “Cross-Platform Issues for 
NSS” in the OES 2015 SP1: NSS File System Administration Guide for Linux. 


Pool snapshots use different technologies on NetWare and Linux. Pool snapshots are not supported 
for shared pools on Linux. 





IMPORTANT: Ensure that you delete pool snapshots for all clustered pools before you begin the 
cluster conversion. 





NSS File System Migration to NCP Volumes or 
Linux POSIX File Systems 


To move data from NSS file systems on NetWare to NCP volumes or to Linux POSIX file systems on 
Linux, you must use the Migration tool. See “Migrating File Systems to OES 2015 SP1” in the OES 
2015 SP1: Migration Tool Administration Guide. 


Estimated Time Taken to Build the Trustee File on 
Linux 


On Linux, NCP Server stores file system trustees and rights information in the ._ NetWare/ 
.trustee_database.xml file at the root of each NSS volume or NCP volume. The NSS file system 
also stores this information in its file system metadata as it does on NetWare. This database file is 
updated when you: 


+ Add file system trustees and rights 
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+ Delete file system trustees and rights 
+ Modify file system trustees and rights 


When you migrate an NSS volume from NetWare to Linux, the trustee database file does not exist. 
NCP Server reads the trustee and rights information from the NSS file system metadata, validates the 
User object, and stores the settings ina . NetWare/.trustee_database.xml file at the root of the 
volume. The information collection process begins automatically when the NSS volume is mounted 
on the OES server. 


Testing found that building the initial database on Linux for an existing volume takes about one minute 
per 50,000 storage objects. Testing was done on the following configuration for the target server: 


HP DL380 G5 

2 Quad-Core Intel Xeon CPU E5345 @ 2.33 GHz 
12 GB RAM 

1 Gigabit NIC 


2 HBAs with 4 paths to the EMC DMX Symmetrix Storage with 4 gigabits per second (Gbps) 
bandwidth 


To follow the synchronization between the file system and the trustee file, look for output in the /var/ 
opt /novell/log/ncp2nss.1og file. 


Using Antivirus Software for NSS and NCP 
Volumes on Linux 


For information about using antivirus software for NSS volumes and NCP volumes on your OES 
servers, see “McAfee Antivirus Requires Additional Configuration” in the OES 2015 SP1: Planning 
and Implementation Guide. 
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Comparing Novell Cluster Services 
for Linux and NetWare 


Table A-1 compares the features and capabilities of Novell Cluster Services on Open Enterprise 
Server (OES) 2015 SP1 and NetWare 6.5 SP8. 


Table A-1 Comparison of Novell Cluster Services for Linux and NetWare 


Feature or Capability 


Operating system 


Cluster Services for Linux 


OES 2015 SP1 


Cluster Services for NetWare 


NetWare 6.5 SP8 

















Two-node cluster with OES license Yes Yes 

Up to 32 nodes in a single cluster Yes Yes 

with additional license 

Guest servers on Xen VMs as Yes Yes 

cluster nodes 

Guest servers on KVM VMs as Yes Yes 

cluster nodes 

Guest servers on VMware as Yes Yes, where NetWare is supported 


cluster nodes 


See OES 2015 SP1 Beta: Novell 
Cluster Services Implementation 
Guide for VMware. 


by the VMware product 





Novell Business Continuity 
Clustering support 


BCC 2.0 for OES 11 SP1 


BCC 1.1 SP2 for NetWare 6.5 SP8 





Administrator users 


The administrator user whose 
credentials you provide during the 
installation is the cluster 
administrator. 


The tree administrator user is not 
automatically given rights. Rights 
must be granted manually. See 
“Configuring Additional 
Administrators” in the OES 2015 
SP1 Beta: Novell Cluster Services 
for Linux Administration Guide. 


The administrator user whose 
credentials you provide during the 
installation is the cluster 
administrator. For NetWare, rights 
are automatically extended to the 
tree administrator user. 





OES Common Proxy User 


Supported 


Not applicable 





NCS_Management Group 


Yes 


Not applicable 





Preferred list for LDAP servers 


Directory-based cluster 
configuration 


Yes; in the /etc/opt/novell/ 
nes/clstrlib.conf file 


Yes; common schema for NetWare 
and Linux 
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Yes; common schema for NetWare 
and Linux 
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Feature or Capability 


Directory schema extension during 
the first Novell Cluster Services 
installation in a tree 


Cluster Services for Linux 


The user who installs the fist 
instance of Novell Cluster Services 
in a tree must have schema 
extension rights. 


The schema extension can be 
performed separately from the 
Novell Cluster Services installation 
by a user with schema extension 
rights. See “Extending the 
eDirectory Schema to Add Cluster 
Objects” in the OES 2015 SP1 
Beta: Novell Cluster Services for 
Linux Administration Guide. 


Afterwards, any administrator with 
sufficient rights can install Novell 
Cluster Services. See. “Assigning 
Install Rights for Container 
Administrators or Non-Administrator 
Users” in the OES 2015 SP1 Beta: 
Novell Cluster Services for Linux 
Administration Guide. 


Cluster Services for NetWare 


The user who installs the fist 
instance of Novell Cluster Services 
in a tree must have schema 
extension rights. 





Forward migration for Novell 
Cluster Services 


OES 11 SP2 to OES 2015 SP1: 


Down cluster and rolling cluster 
upgrade are supported. See 
“Upgrading OES 11 Clusters” in the 
OES 2015 SP1 Beta: Novell Cluster 
Services for Linux Administration 
Guide. 


OES 2 SP3 to OES 2015 SP1: 


Down cluster and rolling cluster 
upgrade are supported. 


Special handling is required for 
Linux POSIX file system cluster 
resources. See “Upgrading Clusters 
from OES 2 SP3 to OES 2015” in 
the OES 2015 SP1 Beta: Novell 
Cluster Services for Linux 
Administration Guide. 


NetWare 6.5 SP7 to NetWare 6.5 
SP8: Down cluster and rolling 
cluster upgrade are supported. 


NetWare 6.0 to NetWare 6.5 SP7 
or later: Down cluster and rolling 
cluster upgrade are supported. 


NetWare 5.1 to NetWare 6.5 SP7 
or later: Only the down cluster 
upgrade is supported. 





Cluster conversion from NetWare to 
Linux 


NetWare 6.5 SP8 to OES 2015 
SP1: Down cluster and rolling 
cluster conversion are supported. 


After all nodes have been 
converted, use the cluster 
commit command to finalize the 
conversion. 


Not applicable 





mixed-mode Linux and NetWare 
clusters 
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Supported only for rolling cluster 
conversions from NetWare to Linux. 


Supported only for rolling cluster 
conversions from NetWare to Linux. 
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Feature or Capability 


SBD (split-brain detector) 


Mirrored SBD 


Cluster Services for Linux 


Yes; during the install on the first 
server in the cluster, or by using the 
sbdutil after the install and before 
adding a second node to the 
cluster. 


During the install. 


After the install and before adding a 
second node to the cluster by using 
the sbdutil and specifying two 
devices. 


Mirroring an existing SBD by using 
NLVM. 


Cluster Services for NetWare 


Yes; during the install on the first 
server in the cluster. 


During the install on the first server 
in the cluster, or by using the sbdutil 
after the install. 





Shared disks 


Fibre Channel SAN LUNs 
iSCSI SAN LUNs 


SCSI disks (shared external drive 
arrays) 


Fibre Channel SAN LUNs 
iSCSI SAN LUNs 


SCSI disks (shared external drive 
arrays) 





Cluster-aware shared devices 


Share devices by using NLVM, 
NSSMU, or the Storage plug-in to 
iManager. 


Share devices by using NSSMU or 
the Storage plug-in to iManager. 





Requires Novell Storage Services 
(NSS) 


Required to use NLVM and NSSMU 
to manage devices, and to create 
NSS pools as cluster resources. 


NSS is the default file system on 
NetWare. 


Novell Cluster Services is not 
supported on NetWare traditional 
volumes. 





Volume manager for NSS pools 


Novell Linux Volume Manager 
NLVM 


NetWare Segment Manager 





Volume manager for Linux POSIX 
file systems 


Novell Linux Volume Manager 
NLVM 


NetWare Segment Manager 





Requires NCP (NetWare Core 
Protocol) 


NCP Server is required for all 
storage resources that use NCP, 
including NSS pools, NCP volumes, 
and Dynamic Storage Technology 
shadow volume pairs. 


NCP is optional for clustered Linux 
LVM volume groups and volumes. 


NCP is the default file access 
protocol on NetWare. 
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Feature or Capability 


NSS pools as cluster resources 


Cluster Services for Linux 


Yes 


See “Configuring and Managing 
Cluster Resources for Shared NSS 
Pools and Volumes” in the OES 
2015 SP1 Beta: Novell Cluster 
Services for Linux Administration 
Guide. 


Shareable for Clustering 


Multiple-Server Activation 
Prevention (MSAP) 


Cluster volume broker; Linux kernel 
module handles NSS pool events. 


Cluster Services for NetWare 


Yes 


See “Setting Up Cluster Resources 
for Novell Cluster Services” in the 
NW6.5 SP8: Novell Cluster 
Services 1.8.5 Administration 
Guide. 


Shareable for Clustering 


Multiple-Server Activation 
Prevention (MSAP) 


Cluster volume broker 





Linux POSIX file systems as cluster 
resources 


Yes 


See “Configuring and Managing 
Cluster Resources for Shared LVM 
Volume Groups”. 


For information about managing 
resources migrated from OES 2 
SP3 to OES 11 or later, see 
“Upgrading and Managing Cluster 
Resources for Linux POSIX 
Volumes with CSM Containers”. 


Not applicable 





NCP volumes on Linux POSIX file 
systems as cluster resources 


Yes 


See “Configuring NCP Volumes 
with Novell Cluster Services” in the 
OES 2015 SP1 Beta: NCP Server 
for Linux Administration Guide. 


Not applicable 





Dynamic Storage Technology 
shadow volume pairs as cluster 
resources 


Yes; by combining the load and 
unload scripts for shared NSS pools 
and managing the pair as a single 
cluster resource. 


See “Configuring DST Shadow 
Volume Pairs with Novell Cluster 
Services” in the OES 2015 SP1: 
Dynamic Storage Technology 
Administration Guide. 


Not supported by Dynamic Storage 
Technology. 





Xen virtual machines as cluster 
resources 


Yes 


See “Configuring Novell Cluster 
Services in a Virtualization 
Environment”. 


Not applicable 











iManager Yes Yes 

Clusters plug-in and Storage Yes Yes 

Management plug-in for iManager 

My Clusters and My Resources Yes Can be used to manage NetWare 


feature of the Clusters plug-in 


6.5 SP8 servers, but cannot be run 
on NetWare servers. 
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Feature or Capability 


Cluster Services for Linux 


Cluster Services for NetWare 














Cluster-enabling NSS pools by Yes Yes 

using the Storage plug-in for 

iManager 

Cluster-enabling NSS pools by Yes Yes 

using the NSS Management Utility 

(NSSMU) 

Creating cluster enabled NSS pools Yes Not applicable 
by using NLVM commands 

Creating cluster enabled LVM Yes Not applicable 
volume groups by using NSSMU 

Creating cluster enabled LVM Yes Not applicable 


volume groups by using NLVM 
commands 


Command line interface 


XML-based API 


Yes; using the terminal console as 
the root user 


Yes; same as NetWare except that 
it uses the /_adminfs path on 
Linux. 


Yes; using the terminal console 


Yes; same as for Linux except that it 
uses the _admin volume on 
NetWare. 





Load, unload, and monitor scripts 


Yes 


Script commands differ. Scripts are 
automatically translated from 
NetWare commands to Linux 
commands during the cluster 
conversion from NetWare to Linux. 
For a comparison of script 
commands, see “Planning the 
Conversion of Load and Unload 
Scripts” in the OES 2015 SP1 Beta: 
Novell Cluster Services NetWare to 
Linux Conversion Guide. 


Load and unload scripts; no 
monitoring 











NCP support for accessing files on Yes Yes 

shared NSS pools 

NCP support for accessing files on Yes Not applicable 
shared NCP volumes on Linux 

POSIX file systems 

NCP support for accessing files on Yes DST not available 


Dynamic Storage Technology 
volumes made up of two NSS 
volumes 





Novell AFP support for accessing 
files on shared NSS pools 


Yes; cross-protocol file locking 
available with NCP and Novell 
CIFS, or with NCP and Novell 
Samba 


Yes; with cross-protocol file locking 





Novell CIFS support for accessing 
files on shared NSS pools 


Yes; cross-protocol file locking 
available with NCP and Novell AFP, 
or with NCP and Novell Samba 
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Feature or Capability 


Novell CIFS support for accessing 
files on Dynamic Storage 
Technology volumes made up of 
two NSS volumes 


Cluster Services for Linux 


Yes; cross-protocol file locking 
available in NCP 


Cluster Services for NetWare 


DST not available 





Linux Samba/CIFS support for 
accessing files on shared NSS 
pools on Linux 


Yes; with cross-protocol file locking 
available in NCP 


Requires users to be Linux-enabled 
with Linux User Management. 


Requires Universal Password. 


Not applicable 





Linux Samba/CIFS support for 
accessing files on shared Linux 
POSIX file systems 


Yes 


Requires users to be enabled with 
Linux User Management. 


Requires Universal Password. 


Not applicable 





Leverage Heartbeat 2 resource 
agents 


Yes 


Not applicable 





LAN fault tolerance 


Channel bonding 


See /usr/src/linux/ 
Documentation/bonding.txt 


NIC teaming 


See “NIC Teaming” in the NW 6.5 
SP8: TCP/IP Administration Guide 





Multipath I/O 


Cascade failover prevention 


Device Mapper - Multipath I/O, or 
third-party MPIO solutions 


See “Managing Multipath I/O for 
Devices” (http://www.suse.com/ 
documentation/sles11/stor_admin/ 
data/multipathing.html) in the SLES 
11 SP3: Storage Administration 
Guide. (http://www.suse.com/ 
documentation/sles11/stor_admin/ 
data/bookinfo.html) 


Yes 


Media Manager Multipath I/O, or 
third-party MPIO solutions 


See “Managing Multipath I/O to 
Devices (NetWare)” in the NW 6.5 
SP8: NSS File System 
Administration Guide. 


Yes 





Master node election process 


New master election process as 
described in “Electing a Master 
Node”. 


Old master election process 

















Monitor script Yes No 
Resource Mutual Exclusion Groups Yes No 
NCS-level monitoring of the NDSD Yes, OES 11 SP2 or later No 
daemon 

STONITH Yes No 
VLAN support Yes No 
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Comparing Resources Support for 
Linux and NetWare 


Table B-1 compares clustering support for using Novell Cluster Services on Open Enterprise Server 
2015 SP1 and on NetWare 6.5 SP8. 


NSS pool cluster resources can be cluster migrated from NetWare to Linux as part of a cluster 
conversion. If the resource contains data only, no additional steps are required. However, clustered 
services can require special handling. See the OES 2015 SP1 Beta: Novell Cluster Services NetWare 
to Linux Conversion Guide. 


Table B-1 Comparison of Clustering Support for Services on Linux and NetWare 


Service NetWare 6.5 SP8 OES 2015 For conversion 
information, see 
AFP (Apple Filing Yes Yes See Chapter 5, “Novell 
Protocol) . a _ AFP,” on page 41. 
See “Setting Up for See “Configuring AFP with 


Macintosh” in the NW 6.5 Novell Cluster Services for 
SP8: AFP, CIFS, and NFS an NSS File System” in 
(NFAP) Administration the OES 2015 SP1: Novell 
Guide. AFP for Linux 
Administration Guide. 





Apache Web Server Yes Yes; use the standard See Chapter 6, “Apache 
` ; Apache Web Server for HTTP Server,” on 
See “Apache with Novell Linux. page 43. 


Cluster Services” in the 
NW6.5 SP8: Novell 
Cluster Services 1.8.5 
Resource Configuration 





Guide. 
CIFS (Windows File Yes; Novell CIFS Yes; Novell CIFS See Chapter 8, “Novell 
Services) . ee CIFS,” on page 63. 
See “Setting Up for See “Configuring CIFS 


Windows” in the NW 6.5 with Novell Cluster 
SP8: AFP, CIFS, and NFS Services for an NSS File 
(NFAP) Administration System” in the OES 2015 





Guide. SP1: Novell CIFS for 
Linux Administration 
Guide. 
DFS (Novell Distributed Yes Yes See Chapter 9, “Novell 
File Services) Volume : : Distributed File Services 
location database (VLDB) See “Clustering Novell See “Clustering Novell VLDB,” on page 65. 


Distributed File Services” Distributed File Services” 

in the NW 6.5 SP8: Novell inthe OES 2015 SP1: 

Distributed File Services Novell Distributed File 

Administration Guide. Services Administration 
Guide for Linux. 
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Service 


DHCP 


DNS 


NetWare 6.5 SP8 


Yes 


See “Clustering in 
NetWare 6.5” in the NW 
6.5 SP8: Novell DNS/ 
DHCP Services 
Administration Guide. 


Yes 


See “Creating a Cluster- 
Enabled DNS Server” in 
the NW 6.5 SP8: Novell 
DNS/DHCP Services 
Administration Guide. 


OES 2015 


Yes 


DHCP for Linux supports 
using a shared Linux 
POSIX file system or a 
shared NSS pool for the 
cluster resource. 


See “Configuring DHCP 
with Novell Cluster 
Services for the Linux File 
System” in the OES 2015 
SP1 Beta: Novell DNS/ 
DHCP Services for Linux 
Administration Guide. 


Yes 


See “Configuring DNS 
with Novell Cluster 
Services” inthe OES 2015 
SP1 Beta: Novell DNS/ 
DHCP Services for Linux 
Administration Guide. 


For conversion 
information, see 


See Chapter 10, “DHCP 
Server,” on page 67. 


See Chapter 11, “DNS 
Server,” on page 69. 





Dynamic Storage 
Technology service 


Not available 


Can be used in a cluster, 
but the service is not 
clustered. 


See also Storage, DST 
shadow volume pairs. 


DST runs on each OES 
node and you set the 
global server-level 
parameters to be the 
same on each one. 





eDirectory 8.8x 


No 


No 


eDirectory has its own 
redundancy built in 
(multiple replicas) and 
would not benefit from 
being clustered. 





Certificate Server 


Yes 


See “Server Certificate 
Objects and Clustering” in 
the Novell Certificate 
Server 3.3.1 
Administration Guide 
(http://www.novell.com/ 
documentation/crt33/). 


Yes 


See “Server Certificate 
Objects and Clustering” in 
the NetIQ Certificate 
Server Administration 
Guide. 


See Chapter 7, 
“eDirectory Server 
Certificates,” on page 59. 





exteNd Application Server 
and MySQL 


Yes; NetWare 6.5 SP2 or 
earlier. 


See “Configuring Novell 
exteNd Application Server 
and MySQL with Novell 
Cluster Services” in the 
NW6.5 SP8: Novell 
Cluster Services 1.8.5 
Resource Configuration 
Guide. 


Not available on Linux. 
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This install option was 
discontinued beginning in 
NetWare 6.5 SP3. 


See also MySQL. 


Service 


FTP Server 


NetWare 6.5 SP8 


Yes 


See “Cluster-Enabling 
NetWare FTP Server” in 
the NW 6.5 SP8: Novell 
FTP Administration Guide. 


OES 2015 


No; use the Novell FTP 
(Pure-FTPd) solution. 


See “Cluster Enabling 
Pure-FTPd in an OES 
2015 Environment” in the 


OES 2015 SP1: Planning 


and Implementation 
Guide. 


For conversion 
information, see 


Not applicable 





Identity Manager Bundle 
Edition 


Can be used in a cluster, 
but is not clustered. 
Requires Identity Manager 
3.5. 


Can be used in a cluster, 
but is not clustered. 


Requires Identity Manager 


4.0.2. 


See the /dentity Manager 


4.0.2 Overview Guide. 

















iPrint Yes Yes See Chapter 12, “Novell 
iPrint,” on page 71. 
See the NW 6.5 SP8: See “Configuring iPrint 
iPrint Administration with Novell Cluster 
Guide. Services” inthe OES 2015 
SP1: iPrint Linux 
Administration Guide. 
MySQL Yes Yes; use the standard 
MySQL service for Linux. 
See “Configuring MySQL 
on Novell Clustering See Chapter 13, 
Services” in the NW 6.5 “MySQL,” on page 77. 
SP8: Novell MySQL 
Administration Guide. 
NCP Server Can be used in a cluster, Can be used in a cluster, NCP Server runs on each 
but is not clustered. but is not clustered. server node in the cluster. 
It should have the same 
See also Storage, NCP configuration on each 
volumes on Linux POSIX node of the cluster. 
file systems. 
NetStorage Yes Yes No known issues. 
See “Configuring See “Configuring 
NetStorage with Novell NetStorage with Novell 
Cluster Services” in the Cluster Services” in the 
NW 6.5 SP8: NetStorage OES 2015 SP1 Beta: 
Administration Guide. NetStorage Administration 
Guide for Linux. 
NFS Yes No; use the standard 


See “Cluster-Enabling 
Native File Access for 
UNIX” in the NW 6.5 SP8: 
AFP, CIFS, and NFS 
(NFAP) Administration 
Guide. 
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Service 


Novell iFolder 2.1.x 


NetWare 6.5 SP8 


Yes 


OES 2015 


Not applicable 


For conversion 
information, see 


iFolder 2.1x is replaced by 
Novell iFolder 3.9. 





Novell iFolder 3.9 


Not applicable 


Yes 


See “Clustering iFolder 
Servers with Novell 
Cluster Services for Linux” 
in the Novell iFolder 3.9.2 
Administration Guide. 


See “Migration” in the 
OES 2015 SP1: Migration 
Tool Administration Guide. 





Printing 


Yes 


Yes 


See iPrint. 





Storage, DST shadow 
volume pairs 


Not applicable 


Yes 


See “Configuring DST 
Shadow Volume Pairs 
with Novell Cluster 
Services” inthe OES 2015 
SP1: Dynamic Storage 
Technology Administration 
Guide. 


DST shadow volumes are 
on shared NSS pools that 
are created separately, 
then managed in the 
same load/unload scripts. 





Storage, NCP volumes on 
Linux POSIX file systems 


Not applicable 


Yes 


See “Configuring NCP 
Volumes with Novell 
Cluster Services” in the 
OES 2015 SP1 Beta: NCP 
Server for Linux 
Administration Guide. 


The NCP Server service is 
not clustered; its volumes 
can be clustered. 








Storage, NetWare No Not applicable 
Traditional volumes 
Storage, NSS pools and Yes Yes See Chapter 14, “Novell 


volumes 


See “Setting Up Cluster 
Resources for Novell 
Cluster Services” in the 
NWé6.5 SP8: Novell 
Cluster Services 1.8.5 
Administration Guide. 


See “Configuring and 
Managing Cluster 
Resources for Shared 
NSS Pools and Volumes”. 


For a feature comparison, 
see “Cross-Platform 
Issues for NSS” in the 
OES 2015 SP1: NSS File 
System Administration 
Guide for Linux. 


Storage Services Pools,” 
on page 95. 





Tomcat 


Yes 


See “Configuring Tomcat 
and Novell Cluster 
Services” in the NW6.5 
SP8: Novell Cluster 
Services 1.8.5 Resource 
Configuration Guide. 


Yes; native to Linux 


Use a similar procedure to 
the one outlined for 
Tomcat on NetWare, but 
use the Linux locations 
and files. 
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You cannot convert the 
NetWare Tomcat 
configuration for a Linux 
server. 


Service 


Xen guest servers as 
nodes in a cluster 


NetWare 6.5 SP8 


Virtualized NetWare 
nodes can be used in 
NetWare clusters. Nodes 
can be any combination of 
virtual and physical 
servers. 


OES 2015 


Virtualized OES nodes 
can be used in OES 
clusters. Nodes can be 
any combination of virtual 
and physical servers. 


For conversion 
information, see 


See “Configuring Novell 
Cluster Services ina 
Virtualization 
Environment”. 





Xen virtual machines on 
the host server 


Not applicable 


Yes; use the Xen and 
XenLive templates. 


See “Virtual Machines as 
Cluster Resources”. 





VMware guest servers as 
nodes in a cluster 


For VMware products that 
support NetWare, 
virtualized NetWare nodes 
can be used in NetWare 
clusters. Nodes can be 
any combination of virtual 
and physical servers. 


Virtualized OES nodes 
can be used in OES 
clusters. Nodes can be 
any combination of virtual 
and physical servers. 


See OES 2015 SP1 Beta: 


Novell Cluster Services 
Implementation Guide for 
VMware. 
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